@theymos - Request: Multisig addresses for treasurers

PrimeNumber7

copper member

Activity: 1624

Merit: 1899

Amazon Prime Member #7

Quote from: LoyceV on January 01, 2022, 06:57:46 AM

Quote from: owlcatz on December 31, 2021, 10:41:01 PM

I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...

The exit node may know what you read, but not who and where you are as long as you don't tell them.

A state-level actor could possibly execute a timing attack against a tor user. Also, if a single entity is running enough tor nodes, they will be able to serve as all three nodes in your circuit at least some of the time, and would know who you are (to an extent), and what you are doing.

Quote from: AB de Royse777 on December 28, 2021, 11:36:12 AM

Quote from: suchmoon on December 28, 2021, 11:18:52 AM

I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:

Quote from: theymos on March 19, 2013, 02:23:02 PM

The "T19 multisig" is a 3-of-5 multisig between theymos, achow101, SaltySpitoon, hilariousandco, and DarkStar_.

I was a bit surprised to notice this by the way.

I guess this shows that the concept of using multisig for treasurers works. I am curious to know what lead to the change.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Timelord2067 on December 31, 2021, 07:50:57 PM

Don't forget if you're on a TOR like browser, you can get a piece of code at the end of the URL that overrides the need to endlessly Captcha ~

Kind of like a lite version of 2FA (kind of)

For the record: the Captcha bypass code works for non-Tor users too, but usually the captcha isn't that bad without Tor.

Quote from: owlcatz on December 31, 2021, 10:41:01 PM

I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...

The exit node may know what you read, but not who and where you are as long as you don't tell them.

Quote

Question, do you still have to pay BTC for using "Evil" IP addresses? If you don't know what i"m talking about then the answer must be no... Cheesy

Yes. But there's now the possibility to Remove Proxyban (evil fees) - email to get whitelisted for free by either convincing me (or someone else) to get whitelisted, or get an established member (like yourself) to vouch for the new user.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: owlcatz on December 31, 2021, 10:41:01 PM

Interesting, I didn't know that but then again I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...

TOR is made up of several circuits. The exit node doesn't know where the original message came from and who sent it unless the same party also controls the entry node. So in theory, you should be safe if you use ONLY an NSA controlled exit node, but not an NSA entry node.

owlcatz

legendary

Activity: 3570

Merit: 1959

Quote from: LoyceV on December 29, 2021, 06:48:50 AM

Quote from: owlcatz on December 28, 2021, 08:44:55 PM

so the forum holds millions of dollars of BTC and can't implement 2FA?

I don't think that's a money thing. Personally, I like using just my password, and I hate how more and more websites make it exceedingly complicated to login.
2FA would also lead to more users losing access to their account.

Maybe the minimum password requirements when creating a new account could be updated to be actually secure at least? IDK, I agree on the lost 2FA thing, I just find it confounding that all that BTC was wasted on software
that 100% of nobody has any interest in using, obviously.. Roll Eyes

Quote from: Timelord2067 on December 31, 2021, 07:50:57 PM

Don't forget if you're on a TOR like browser, you can get a piece of code at the end of the URL that overrides the need to endlessly Captcha / click on a blade of grass or a puff of smoke etc. when logging in. You should be the only one that has access to that unique URL.

Kind of like a lite version of 2FA (kind of)

Interesting, I didn't know that but then again I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...

Question, do you still have to pay BTC for using "Evil" IP addresses? If you don't know what i"m talking about then the answer must be no... Cheesy

Timelord2067

legendary

Activity: 3696

Merit: 2219

💲🏎️💨🚓

Don't forget if you're on a TOR like browser, you can get a piece of code at the end of the URL that overrides the need to endlessly Captcha / click on a blade of grass or a puff of smoke etc. when logging in. You should be the only one that has access to that unique URL.

Kind of like a lite version of 2FA (kind of)

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: LoyceV on December 29, 2021, 06:48:50 AM

2FA would also lead to more users losing access to their account.

I think that more accounts are lost or hacked because of the lack of 2FA generally speaking, than lost because someone lost access to their device (there are always backup codes), but it would be nice to see some exact statistical confirmation.
2FA coming 100% in bitcointalk with new forum software Cheesy

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: owlcatz on December 28, 2021, 08:44:55 PM

so the forum holds millions of dollars of BTC and can't implement 2FA?

I don't think that's a money thing. Personally, I like using just my password, and I hate how more and more websites make it exceedingly complicated to login.
2FA would also lead to more users losing access to their account.

owlcatz

legendary

Activity: 3570

Merit: 1959

so the forum holds millions of dollars of BTC and can't implement 2FA? WTAF... Roll Eyes

Theymos??

Quickseller

copper member

Activity: 2926

Merit: 2347

Quote from: LoyceV on December 28, 2021, 12:08:37 PM

Removing 2 treasurers at a time means there was no redundancy left if they both wouldn't cooperate.

The multisig address is a 3-of-5 address, with theymos being one of the three.

A new address was created with the public keys of the 5 new treasurers (which is equivalent to theymos, the two treasurers that are remaining, and the two new treasurers). The transaction out of the old address would have been into the new address.

None of the treasurers would necessarily have known in advance that any of the treasurers were being relieved of their duties, or if they could deduct that one or more treasurers were being fired, which of the treasurers were being fired until theymos released the public keys of each of the treasurers.

suchmoon

legendary

Activity: 3654

Merit: 8909

https://bpip.org

Quote from: LoyceV on December 28, 2021, 12:08:37 PM

I didn't know that either (even though I recently visited that page, but didn't read everything).

Removing 2 at a time means there was no redundancy left if they both wouldn't cooperate.

I checked it because OgNasty was recently attacking theymos and minerjones so I figured there must be something going on. He's very childishly transparent like that.

There was an incident with minerjones being very unhappy with some spam not being deleted on the Collectibles board. Not sure about the timeline though. But this kind of loss of trust surely isn't good for this type of multisig setup.

Og's removal is not surprising albeit long overdue.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: suchmoon on December 28, 2021, 11:18:52 AM

I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:

I didn't know that either (even though I recently visited that page, but didn't read everything).

Removing 2 treasurers at a time means there was no redundancy left if they both wouldn't cooperate.

Quickseller

copper member

Activity: 2926

Merit: 2347

The new treasurers appear to have less controversy around their (business) dealings in the forum.

One of the former treasurers has a history of not verifying information.

AB de Royse777

legendary

Activity: 2464

Merit: 3878

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: suchmoon on December 28, 2021, 11:18:52 AM

I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:

Quote from: theymos on March 19, 2013, 02:23:02 PM

The "T19 multisig" is a 3-of-5 multisig between theymos, achow101, SaltySpitoon, hilariousandco, and DarkStar_.

I was a bit surprised to notice this by the way.

suchmoon

legendary

Activity: 3654

Merit: 8909

https://bpip.org

I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:

Quote from: theymos on March 19, 2013, 02:23:02 PM

The "T19 multisig" is a 3-of-5 multisig between theymos, achow101, SaltySpitoon, hilariousandco, and DarkStar_.

Edit - just to clarify because the quote makes it look like this happened in 2013: funds moved to a new address in April 2021, the thread was last edited on October 29, 2021.

JollyGood

legendary

Activity: 2534

Merit: 1713

Top Crypto Casino

Quote from: malevolent on August 22, 2019, 04:39:15 PM

Quote from: JollyGood on August 22, 2019, 03:41:40 PM

I am new to this whole Treasurer thing. Before reading parts of the thread I had no idea Treasurers existed.

Why on earth would that be the case? Why would multisigs be required if these are donations?

They have existed since 2013 and are there to increase the bus factor, ie. should theymos get hit by a bus, find himself robbed of the bitcoins, or should the money disappear in other ways, there are still treasurers holding a significant sum.

BTW, most of the money isn't from donations which have long since been spent on the development of new forum software (epochtalk), but from ad revenue.

Thank you for the post. It makes more sense now.

malevolent

legendary

Activity: 3472

Merit: 1721

Quote from: JollyGood on August 22, 2019, 03:41:40 PM

I am new to this whole Treasurer thing. Before reading parts of the thread I had no idea Treasurers existed.

Why on earth would that be the case? Why would multisigs be required if these are donations?

They have existed since 2013 and are there to increase the bus factor, ie. should theymos get hit by a bus, find himself robbed of the bitcoins, or should the money disappear in other ways, there are still treasurers holding a significant sum.

BTW, most of the money isn't from donations which have long since been spent on the development of new forum software (epochtalk), but from ad revenue.

Steamtyme

legendary

Activity: 1554

Merit: 2036

Having treasurers falls down to there not being one person in control of the very large amount of funds. This precaution prevents an unlikely exit scam or lost funds due to death, dissapesrance or other event.

The multisig wallets take care of those same issues in the same fashion by distributing the responsibility.

Donations can still be valuable and need to be protected.

JollyGood

legendary

Activity: 2534

Merit: 1713

Top Crypto Casino

Quote from: EcuaMobi on May 13, 2019, 03:35:02 PM

This has been suggested several times and I think it's extremely important. I see it as essential for the forum's funds security and I don't see any disadvantages at all. Current treasurer OgNasty agrees multisig should be used.

I would suggest choosing several very trustworthy users and creating x-in-y addresses, where x is at least 3 (to avoid collusion) and y is at least x+2 (to avoid an accident to lock the funds). 4-in-7 addresses could be a good option. Theymos, is there any reason this hasn't been implemented yet? What are the disadvantages? Funds have been lost and more could be lost in the future.

Local rule:
Vod can't quote or mention OgNasty, directly or indirectly.
OgNasty can't quote or mention Vod, directly or indirectly.

I am new to this whole Treasurer thing. Before reading parts of the thread I had no idea Treasurers existed.

Why on earth would that be the case? Why would multisigs be required if these are donations?

otrkid1970

member

Activity: 270

Merit: 17

Quote from: OgNasty on May 28, 2019, 06:03:54 PM

Quote from: otrkid1970 on May 28, 2019, 05:28:35 PM

Quote from: akamit on May 27, 2019, 06:56:52 PM

What could be the reasons that Theymos and Cobra may disappear? I read in this thread and in the contract about the word "Disappear (if)"

Dying is a natural thing - what else?

Theymos has control over the server, Cobra has control over the domain if I'm not wrong.
Who else has access to this domain and server in absence of Theymos and Cobra? Shouldn't be there a plan B at least for the natural cause?

Embezzlement from the forum.

I don't think you can embezzle money from yourself.

lol just stirring the pot

OgNasty

donator

Activity: 4760

Merit: 4323

Leading Crypto Sports Betting & Casino Platform

Quote from: otrkid1970 on May 28, 2019, 05:28:35 PM

Quote from: akamit on May 27, 2019, 06:56:52 PM

What could be the reasons that Theymos and Cobra may disappear? I read in this thread and in the contract about the word "Disappear (if)"

Dying is a natural thing - what else?

Theymos has control over the server, Cobra has control over the domain if I'm not wrong.
Who else has access to this domain and server in absence of Theymos and Cobra? Shouldn't be there a plan B at least for the natural cause?

Embezzlement from the forum.

I don't think you can embezzle money from yourself.

Topic: @theymos - Request: Multisig addresses for treasurers (Read 3021 times)