Pages:
Author

Topic: Multisigna, the bitcoin multisig market ! (Read 3270 times)

newbie
Activity: 55
Merit: 0
is this an anonymous exchange service?
I recommend you to take a look at FAQ's on multisigna's site.
It's not completely anonymous and I think that this is impossible to achieve for any exchange that works with fiat electronic transactions. You have to share your bank data info with multisigna and then multisigna shares that info with the one you're trading with (he needs this info to make the payment). But multisigna doesn't hold bitcoins nor fiat so they shouldn't be legally forced to share that info with the government. A leak could happen, but it could happen on localbitcoins too and people are already using that service massively.
You can use different bank accounts with multisigna in the same multisigna's alias, and that gives you a little more of privacy too.


Thank you again, mantas!
I only want to add that we do not ask for identity documents. We only know the bank data. That is: account holder, bank name, IBAN and BIC for the European Market. In the American Market we need some more data in order to wire transfers to be performed.
But all this data are stored encrypted in our database. There is a script that, after several checkings, decrypts data with the only aim of facilitating them to the other partie intervening in the transaction. Data are encrypted again at the end of the script. So a leak of data is very unlikely to happen even if our servers are compromised.
That means that only the users which you interact with, will know your data.




full member
Activity: 232
Merit: 102
is this an anonymous exchange service?
I recommend you to take a look at FAQ's on multisigna's site.
It's not completely anonymous and I think that this is impossible to achieve for any exchange that works with fiat electronic transactions. You have to share your bank data info with multisigna and then multisigna shares that info with the one you're trading with (he needs this info to make the payment). But multisigna doesn't hold bitcoins nor fiat so they shouldn't be legally forced to share that info with the government. A leak could happen, but it could happen on localbitcoins too and people are already using that service massively.
You can use different bank accounts with multisigna in the same multisigna's alias, and that gives you a little more of privacy too.
legendary
Activity: 1512
Merit: 1012
This looks good, but has a long way to go. This is exactly what we need! But I'm not sure how to solve the fiat issue... I wouldn't also like to giveaway my details to someone else that may be untrusted.
hero member
Activity: 762
Merit: 500
is this an anonymous exchange service?
legendary
Activity: 952
Merit: 1005
--Signature Designs-- http://bit.ly/1Pjbx77
This is exactly the problem which TLSNotary/PageSigner solves. You can show your online bank statement page without handing over your login credentials.

https://tlsnotary.org/pagesigner.html

This is interesting. Are you the dev? The quick start video there is even using bitcointalk as an example! Cheesy

I am not a programmer, but open source gives the tlsnotary add-on a bit more credibility. I might not use this for bank accounts yet, could be handy for verifying a PM on the forum. Thanks.
newbie
Activity: 55
Merit: 0
Nice work with this project. Looks cool. And thanks for supporting https://coinb.in

You're welcome. Thank you. You have a very useful site!
newbie
Activity: 55
Merit: 0
I would certainly not let you access my online bank account to check the existence of a particular transaction.
This is exactly the problem which TLSNotary/PageSigner solves. You can show your online bank statement page without handing over your login credentials.
https://tlsnotary.org/pagesigner.html


Thank you for the info. We will check it.
full member
Activity: 202
Merit: 100
I would certainly not let you access my online bank account to check the existence of a particular transaction.
This is exactly the problem which TLSNotary/PageSigner solves. You can show your online bank statement page without handing over your login credentials.
https://tlsnotary.org/pagesigner.html
hero member
Activity: 714
Merit: 601
Nice work with this project. Looks cool. And thanks for supporting https://coinb.in
newbie
Activity: 55
Merit: 0
Congrats to your project.

I see a few problems and would be interested how you want to solve those:
- How do you prevent fake accounts (wrong bank accounts nr). I could create an account, buy BTC and the seller lose time and need to start a dispute. I cannot steal money but I can create damage to the company and the sellers. I know thats not a high risk yet but need to be considered if you get more successful (competitors attack).
- If the seller use a stolen bank account or do a chargeback after a few days the BTC are paid out and the FIAT gets reversed. How do you deal with that? Blocking that user does not bring the Fiat back.
- How do you prevent against spam orders?
- How do you prove a bank transfer took place? A scammer could setup a proxy and show you a bank session with manipulated data.
- You use reputation which is might help but has its weaknesses - sybil attacks and long-con (https://en.wikipedia.org/wiki/The_Long_Con). So someone can become a gold member but then make a big scam (Bank chargeback). If the user comes from countries with a weak legal environment, the bank account data will not help much to fight against the scammer.
- Many of the above problems are related to the fact that anyone can create fake accounts without costs (consider VPN and other tricks so normal IP checks and the like will not help against real scammers). How do you prevent sock puppet accounts?
- If the BTC price change a lot in the timeframe of the trade, the seller is motivated to not fulfill the trade (if loss in the panetly is lower then loss in volatility). LocalBitcoin suffers a lot from those "Future trade" scams. How do you protect against that?
- The privacy of the traders are leaked to your company as with the Bank account you know their real life ID. What if you get an order from law encorfement to hand out all the user data?
- I did not see any information about the people behind the exchange. It seems you are a company but its missing any information about the legal entity.
- How do you estimate the risk to be considered as exchange which needs permission from regulation authority and to fulfill the KYC/AML requirements? Do you know the story of Bitcoin24.de which was operating completely without any legal base and then got tons of problems (though they held the money and BTC)? I wish you that you don't run into some similar problems. As long you are not well known nobody cares, but as soon you get success you get on their radar.
- How do you collect the penaly money in case of a dispute if the user refuse to pay that? If you take it from the deposit payment, that money will be missing to pay back to the honest trader, so the honest trader would get back less.

Sorry if the above sounds too critical but those are the questions I needed to answer myself for my project (Bitsquare.io) and I did not find easy solutions (and satisfying answers to all), though I would love to.

Very nice questions. I asked myself and them some of these too.
- I think they consider SEPA irreversible, and I thought that too, but I've found they aren't http://www.reddit.com/r/Bitcoin/comments/1hosog/psa_sepa_transfers_can_be_charged_back_quite/.
- What they offer is a web for easily operate with multisignatures, a bid/ask market and a escrow service. They need to prove that they can do the escrow part right. I don't know if they have a proxy-scam detection, but if they had I don't think they would share it because hackers could take advantage of it. I've been thinking that maybe this web will be just the draft copy of another one where you can choose who will be offering the escrow service.
- In some way, it's user's responsibility to protect against SPAM. They can choose the level of users they're trading with. And at first levels you can't do more than one transaction at time.
- All anonymous internet services are needing sock puppet's protection.
- The people running the exchange are still anonymous (or they think they are) Tongue. They're anonymous because they know what they offer it's something banks don't like and neither the government. This solves so much about leaking information or KYC/AML requirements. And they don't hold any user's money so, as mycellium's new payment system, it would be hard or impossible for the authorities to legally justify these requirements. And multisignatures protects users about trusting someone they don't know, and you only have to deposit bitcoins into multisig addressess once you have a trade accepted, so you'll only loose this trade's money in case the web collapses.
- There's no penalty money, if you do something wrong you just loose reputation. They only get comissions, and in beta period it's 0%.

In response to k99
MultiSigna has created a wide protocol to deal with the problems you mention. In fact, the development of this protocol is by far what most time has led in the development of MultiSigna. Covers all casuistry (we hope!) but is impossible to reproduce here.

Mantas aptly describes some of our features (thanks a lot!)
Just a little clarification, there are two penalties if a user is considered guilty.
- An expenses note is generated and the user can not trade in the MultiSigna market until it has been paid. However, what is really sought is not the collection of the expenses note, it is to disable the conflictive users as soon as possible.
- The user is penalized with a negative point and that has different consequences depending on the number of negative points that the user reaches.

But if there is a conflict there is always the risk that MultiSigna, the Bank, Paypal, VISA or, at the end, a judge not decide in your favor even if you are absolutely right. Perfection does not exist in the world of duality. Or zero risk, either.

You will not find the absolute security in MultiSigna, nor anywhere else. Whenever there is the human factor, there is a possibility of error or corruption. The question is to minimize it.
Some try it by regulators, corruptible by definition, where the small always lose and the big commit their crimes with impunity and even protected by law.
Others by security measures, that sooner or later fail. When not are themselves who make them fail!
We do it by providing all the transparency that we can in to the process and dividing the risk among so many multisignature addresses as pairs of buyer/seller are generated in our market.

In MultiSigna you can monitor the status of the order from your user account from the begining to the end, and control the inputs and outputs before signing any bitcoin transaction.
The bitcoins are deposited in a multisignature address at the time the buy/sale order is accepted and not before. That means that in a normal transaction, they are there just 24 hours.

In cases like Bitstamp or Bter it is not even possible to determine whether millionaire thefts were perpetrated from inside or outside the exchange itself! Nor that it can not happen again!
And here they are, with thousands of users trading as if nothing had happened!

No one wonders that when Bitstamp facilitates you a bitcoin address for you to transfer your bitcoins they do not send you an email with the address, they just show it to you on the website?
No one thinks that:
- It is an address that only they control?
- In case they deny it, nobody will prove that that direction where you transferred your bitcoin is theirs?
- In case of bankrupcy or theft, you can loose your bitcoins and your fiat?

As for the problems inherent to fiat transfers, they are not our responsibility, nor can we do anything. The reversal of payments in SEPA transfers while possible, is not something neither usual nor easy. On the other hand It is common to all forms of payment other than cash payment. But, as mentioned, perfection does not exist and the payment in cash has many other risks, in addition to being much more uncomfortable.

In response MedUSA
Obviously, if you're not willing to provide a bank account number (not necessarily yours...), it is impossible that you can trade in MultiSigna. Although everything has a solution and, at times, is very simple. It is as easy as opening a specific account for trading in MultiSigna by keeping the bulk of your savings in another bank account.

...account from what Christine Lagarde says she wants 10% or more... and that is available whenever they want, for all government agencies that rob us with one excuse or another Smiley
legendary
Activity: 952
Merit: 1005
--Signature Designs-- http://bit.ly/1Pjbx77
The crypto part of the trade looks fine. It is the fiat part of the trade that will cause problems. If I do a trade with a stranger on the internet. I would not like him/her to know my bank account number. I would certainly not let you access my online bank account to check the existence of a particular transaction. This trade platform avoids touching fiat solves the hack problem but created problems in another area.
full member
Activity: 232
Merit: 102
Congrats to your project.

I see a few problems and would be interested how you want to solve those:
- How do you prevent fake accounts (wrong bank accounts nr). I could create an account, buy BTC and the seller lose time and need to start a dispute. I cannot steal money but I can create damage to the company and the sellers. I know thats not a high risk yet but need to be considered if you get more successful (competitors attack).
- If the seller use a stolen bank account or do a chargeback after a few days the BTC are paid out and the FIAT gets reversed. How do you deal with that? Blocking that user does not bring the Fiat back.
- How do you prevent against spam orders?
- How do you prove a bank transfer took place? A scammer could setup a proxy and show you a bank session with manipulated data.
- You use reputation which is might help but has its weaknesses - sybil attacks and long-con (https://en.wikipedia.org/wiki/The_Long_Con). So someone can become a gold member but then make a big scam (Bank chargeback). If the user comes from countries with a weak legal environment, the bank account data will not help much to fight against the scammer.
- Many of the above problems are related to the fact that anyone can create fake accounts without costs (consider VPN and other tricks so normal IP checks and the like will not help against real scammers). How do you prevent sock puppet accounts?
- If the BTC price change a lot in the timeframe of the trade, the seller is motivated to not fulfill the trade (if loss in the panetly is lower then loss in volatility). LocalBitcoin suffers a lot from those "Future trade" scams. How do you protect against that?
- The privacy of the traders are leaked to your company as with the Bank account you know their real life ID. What if you get an order from law encorfement to hand out all the user data?
- I did not see any information about the people behind the exchange. It seems you are a company but its missing any information about the legal entity.
- How do you estimate the risk to be considered as exchange which needs permission from regulation authority and to fulfill the KYC/AML requirements? Do you know the story of Bitcoin24.de which was operating completely without any legal base and then got tons of problems (though they held the money and BTC)? I wish you that you don't run into some similar problems. As long you are not well known nobody cares, but as soon you get success you get on their radar.
- How do you collect the penaly money in case of a dispute if the user refuse to pay that? If you take it from the deposit payment, that money will be missing to pay back to the honest trader, so the honest trader would get back less.

Sorry if the above sounds too critical but those are the questions I needed to answer myself for my project (Bitsquare.io) and I did not find easy solutions (and satisfying answers to all), though I would love to.

Very nice questions. I asked myself and them some of these too.
- I think they consider SEPA irreversible, and I thought that too, but I've found they aren't http://www.reddit.com/r/Bitcoin/comments/1hosog/psa_sepa_transfers_can_be_charged_back_quite/.
- What they offer is a web for easily operate with multisignatures, a bid/ask market and a escrow service. They need to prove that they can do the escrow part right. I don't know if they have a proxy-scam detection, but if they had I don't think they would share it because hackers could take advantage of it. I've been thinking that maybe this web will be just the draft copy of another one where you can choose who will be offering the escrow service.
- In some way, it's user's responsibility to protect against SPAM. They can choose the level of users they're trading with. And at first levels you can't do more than one transaction at time.
- All anonymous internet services are needing sock puppet's protection.
- The people running the exchange are still anonymous (or they think they are) Tongue. They're anonymous because they know what they offer it's something banks don't like and neither the government. This solves so much about leaking information or KYC/AML requirements. And they don't hold any user's money so, as mycellium's new payment system, it would be hard or impossible for the authorities to legally justify these requirements. And multisignatures protects users about trusting someone they don't know, and you only have to deposit bitcoins into multisig addressess once you have a trade accepted, so you'll only loose this trade's money in case the web collapses.
- There's no penalty money, if you do something wrong you just loose reputation. They only get comissions, and in beta period it's 0%.
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
Congrats to your project.

I see a few problems and would be interested how you want to solve those:
- How do you prevent fake accounts (wrong bank accounts nr). I could create an account, buy BTC and the seller lose time and need to start a dispute. I cannot steal money but I can create damage to the company and the sellers. I know thats not a high risk yet but need to be considered if you get more successful (competitors attack).
- If the seller use a stolen bank account or do a chargeback after a few days the BTC are paid out and the FIAT gets reversed. How do you deal with that? Blocking that user does not bring the Fiat back.
- How do you prevent against spam orders?
- How do you prove a bank transfer took place? A scammer could setup a proxy and show you a bank session with manipulated data.
- You use reputation which is might help but has its weaknesses - sybil attacks and long-con (https://en.wikipedia.org/wiki/The_Long_Con). So someone can become a gold member but then make a big scam (Bank chargeback). If the user comes from countries with a weak legal environment, the bank account data will not help much to fight against the scammer.
- Many of the above problems are related to the fact that anyone can create fake accounts without costs (consider VPN and other tricks so normal IP checks and the like will not help against real scammers). How do you prevent sock puppet accounts?
- If the BTC price change a lot in the timeframe of the trade, the seller is motivated to not fulfill the trade (if loss in the panetly is lower then loss in volatility). LocalBitcoin suffers a lot from those "Future trade" scams. How do you protect against that?
- The privacy of the traders are leaked to your company as with the Bank account you know their real life ID. What if you get an order from law encorfement to hand out all the user data?
- I did not see any information about the people behind the exchange. It seems you are a company but its missing any information about the legal entity.
- How do you estimate the risk to be considered as exchange which needs permission from regulation authority and to fulfill the KYC/AML requirements? Do you know the story of Bitcoin24.de which was operating completely without any legal base and then got tons of problems (though they held the money and BTC)? I wish you that you don't run into some similar problems. As long you are not well known nobody cares, but as soon you get success you get on their radar.
- How do you collect the penaly money in case of a dispute if the user refuse to pay that? If you take it from the deposit payment, that money will be missing to pay back to the honest trader, so the honest trader would get back less.

Sorry if the above sounds too critical but those are the questions I needed to answer myself for my project (Bitsquare.io) and I did not find easy solutions (and satisfying answers to all), though I would love to.
full member
Activity: 232
Merit: 102
Hi, I think multisigna is a great idea but it needs more volume to show how that really works. I just entered to try it and learn more but I have no buying orders offering the best price.
About user levels, are you going to keep them as they are now for a long time or is it possible to change that in the future?
newbie
Activity: 55
Merit: 0
January 19, 2015, 09:50:32 AM
#11
We're open for business!
Start buying and selling bitcoins at the most secure market!

Remember, during beta we will not apply any commissions.

https://www.multisigna.com

newbie
Activity: 55
Merit: 0
January 11, 2015, 03:10:24 PM
#10
Don't worry, we have thought of all possible case scenarios.
For the buyer to send the fiat, the seller has first to fund the multisig address, once this address has the bitcoins the seller needs to make the fiat transfer.
Exchanges like Bitstamp, BTC-E, etc, if hacked, can disappear with your fiat & bitcoins, remember last years MtGox hack.
Next week the exchange will be online, with all TOS, FAQ, etc available.
legendary
Activity: 1877
Merit: 1396
The Last Cryptocoin Burner
January 11, 2015, 03:05:18 PM
#9
as i guess ,
it is easy to create fake document about wire transfer.
so you will spend a lot of time to control it at any wire transfer problems. thats a fail i think.one side should be trusted side like bitstamp or btc-e so transfer goes over it.best way.
Also it seems you dont store btc you dont know what to do if seller receives money and dont send btc Smiley

think about the time people will spend for any problem.for any amount for any time there should be problem .
con man look for a weak point in system. here all system is weak.

usd transfer problem
btc transfer  problem

why do think bitcoin exchange sites like bitstamp and btc-e have big volume.
system trustable and fast at buy-sell.
you put buyer and seller outside of a trust system.

like other p2p markets transfer system is weak.



newbie
Activity: 55
Merit: 0
January 11, 2015, 02:47:47 PM
#8
Hello teramit,

When the buyer confirms he has sent the funds the seller waits until he receives them, in case of conflict:

MultiSigna provides the needed infrastructure to generate a market where the users can complete their fiat money and crypto currency transactions. The informatic processes developed by MultiSigna allow a full automatic functioning and also allow to complete the fiat money ($, €) and crypto currency (btc) transactions directly between the users.
However, it is MultiSigna’s responsibility to mediate in case of any kind of conflict or disagreement between the users. In case of conflict between buyer and seller, MultiSigna will require payment vouchers and bank statements from both parts. Ultimately, MultiSigna could request the access, voluntary and exclusively in "read only" mode, to the user's online bank account to check the existence or non-existence of a particular transaction and solve the problem in favor of one of the parties.
Furthermore, MultiSigna may use each user’s positive/negative points record to be able to take side in case of conflict.

In any case, the user agrees to accept the resulting veredict of MultiSigna's investigations.

Since all transactions use a 2 of 3 multisignature address, if for example the buyer does not send the fiat to the seller, we intervene and if detect the buyer has not sent the fiat we sign a TX returning the bitcoins to the seller.
legendary
Activity: 1877
Merit: 1396
The Last Cryptocoin Burner
January 11, 2015, 02:28:09 PM
#7
i am trying to understand the job here...
if you dont store fiat how can you be sure about it has been sent ?
what about if a seller user says i sent bitcoin but havent received usd but buyer user says i sent usd .how can you solve it.
How can bank a transfer prooved? dont say me e-decont.
if you dont store usd you cant be sure about money transfer.
btc transfer can be proovd but usd cant.it is easy to create fake bank transfer document.
You dont store btc you dont store usd what s the difference from a forum site then.They also can do same job with you.
You cant solve problems caused by a con man.
newbie
Activity: 55
Merit: 0
January 11, 2015, 01:37:12 PM
#6
New update!

Launch Promotion:

- Fees as low as 0.2% for Platinum users 1)
- No deposit or withdrawal fees or limits, ever.
Remember: we neither touch your fiat ($, ?) nor your bitcoins !

1) No fees for all user levels during beta phase !
Platinum users features:
- Import and change your bitcoin address whenever you want. Up to 10 different bitcoin addresses stored.
- Change your bank account whenever you want. Up to 10 different bank accounts stored.
- You can even change your email and your alias ...
- Favorite users list (even if the favorite user changes his alias...)
- Black users list (even if the blacklisted user changes his alias...)

Beta version on https://www.multisigna.com the 19/01/2015

https://www.multisigna.com/assets/img/MultiSigna2.png
https://www.multisigna.com/assets/img/MultiSigna3.png
Pages:
Jump to: