Pages:
Author

Topic: @theymos - Request: Multisig addresses for treasurers (Read 3135 times)

copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...
The exit node may know what you read, but not who and where you are as long as you don't tell them.
A state-level actor could possibly execute a timing attack against a tor user. Also, if a single entity is running enough tor nodes, they will be able to serve as all three nodes in your circuit at least some of the time, and would know who you are (to an extent), and what you are doing.

I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:

The "T19 multisig" is a 3-of-5 multisig between theymos, achow101, SaltySpitoon, hilariousandco, and DarkStar_.

I was a bit surprised to notice this by the way.
I guess this shows that the concept of using multisig for treasurers works. I am curious to know what lead to the change.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Don't forget if you're on a TOR like browser, you can get a piece of code at the end of the URL that overrides the need to endlessly Captcha ~

Kind of like a lite version of 2FA (kind of)
For the record: the Captcha bypass code works for non-Tor users too, but usually the captcha isn't that bad without Tor.

I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...
The exit node may know what you read, but not who and where you are as long as you don't tell them.

Quote
Question, do you still have to pay BTC for using "Evil" IP addresses? If you don't know what i"m talking about then the answer must be no... Cheesy
Yes. But there's now the possibility to Remove Proxyban (evil fees) - email to get whitelisted for free by either convincing me (or someone else) to get whitelisted, or get an established member (like yourself) to vouch for the new user.
legendary
Activity: 2730
Merit: 7065
Interesting, I didn't know that but then again I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...
TOR is made up of several circuits. The exit node doesn't know where the original message came from and who sent it unless the same party also controls the entry node. So in theory, you should be safe if you use ONLY an NSA controlled exit node, but not an NSA entry node.   
legendary
Activity: 3570
Merit: 1959
so the forum holds millions of dollars of BTC and can't implement 2FA?
I don't think that's a money thing. Personally, I like using just my password, and I hate how more and more websites make it exceedingly complicated to login.
2FA would also lead to more users losing access to their account.

Maybe the minimum password requirements when creating a new account could be updated to be actually secure at least? IDK, I agree on the lost 2FA thing, I just find it confounding that all that BTC was wasted on software
 that 100% of nobody has any interest in using, obviously.. Roll Eyes

Don't forget if you're on a TOR like browser, you can get a piece of code at the end of the URL that overrides the need to endlessly Captcha / click on a blade of grass or a puff of smoke etc. when logging in.  You should be the only one that has access to that unique URL.

Kind of like a lite version of 2FA (kind of)

Interesting, I didn't know that but then again I don't use TOR, it's slow af for me and I don't see the benefit when most exit nodes are NSA from what I read...

Question, do you still have to pay BTC for using "Evil" IP addresses? If you don't know what i"m talking about then the answer must be no... Cheesy
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Don't forget if you're on a TOR like browser, you can get a piece of code at the end of the URL that overrides the need to endlessly Captcha / click on a blade of grass or a puff of smoke etc. when logging in.  You should be the only one that has access to that unique URL.

Kind of like a lite version of 2FA (kind of)
legendary
Activity: 2212
Merit: 7064
2FA would also lead to more users losing access to their account.
I think that more accounts are lost or hacked because of the lack of 2FA generally speaking, than lost because someone lost access to their device (there are always backup codes), but it would be nice to see some exact statistical confirmation.
2FA coming 100% in bitcointalk with new forum software Cheesy
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
so the forum holds millions of dollars of BTC and can't implement 2FA?
I don't think that's a money thing. Personally, I like using just my password, and I hate how more and more websites make it exceedingly complicated to login.
2FA would also lead to more users losing access to their account.
legendary
Activity: 3570
Merit: 1959
so the forum holds millions of dollars of BTC and can't implement 2FA? WTAF... Roll Eyes

Theymos??
copper member
Activity: 2996
Merit: 2374
Removing 2 treasurers at a time means there was no redundancy left if they both wouldn't cooperate.
The multisig address is a 3-of-5 address, with theymos being one of the three.

A new address was created with the public keys of the 5 new treasurers (which is equivalent to theymos, the two treasurers that are remaining, and the two new treasurers). The transaction out of the old address would have been into the new address.

None of the treasurers would necessarily have known in advance that any of the treasurers were being relieved of their duties, or if they could deduct that one or more treasurers were being fired, which of the treasurers were being fired until theymos released the public keys of each of the treasurers.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
I didn't know that either (even though I recently visited that page, but didn't read everything).

Removing 2 at a time means there was no redundancy left if they both wouldn't cooperate.

I checked it because OgNasty was recently attacking theymos and minerjones so I figured there must be something going on. He's very childishly transparent like that.

There was an incident with minerjones being very unhappy with some spam not being deleted on the Collectibles board. Not sure about the timeline though. But this kind of loss of trust surely isn't good for this type of multisig setup.

Og's removal is not surprising albeit long overdue.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:
I didn't know that either (even though I recently visited that page, but didn't read everything).

Removing 2 treasurers at a time means there was no redundancy left if they both wouldn't cooperate.
copper member
Activity: 2996
Merit: 2374
The new treasurers appear to have less controversy around their (business) dealings in the forum. 

One of the former treasurers has a history of not verifying information.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:

The "T19 multisig" is a 3-of-5 multisig between theymos, achow101, SaltySpitoon, hilariousandco, and DarkStar_.

I was a bit surprised to notice this by the way.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
I might have missed the announcement so I apologize if it's old news but it looks like OgNasty and minerjones are no longer treasurers:

The "T19 multisig" is a 3-of-5 multisig between theymos, achow101, SaltySpitoon, hilariousandco, and DarkStar_.

Edit - just to clarify because the quote makes it look like this happened in 2013: funds moved to a new address in April 2021, the thread was last edited on October 29, 2021.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
I am new to this whole Treasurer thing. Before reading parts of the thread I had no idea Treasurers existed.

Why on earth would that be the case? Why would multisigs be required if these are donations?

They have existed since 2013 and are there to increase the bus factor, ie. should theymos get hit by a bus, find himself robbed of the bitcoins, or should the money disappear in other ways, there are still treasurers holding a significant sum.

BTW, most of the money isn't from donations which have long since been spent on the development of new forum software (epochtalk), but from ad revenue.


Thank you for the post. It makes more sense now.

legendary
Activity: 3472
Merit: 1724
I am new to this whole Treasurer thing. Before reading parts of the thread I had no idea Treasurers existed.

Why on earth would that be the case? Why would multisigs be required if these are donations?

They have existed since 2013 and are there to increase the bus factor, ie. should theymos get hit by a bus, find himself robbed of the bitcoins, or should the money disappear in other ways, there are still treasurers holding a significant sum.

BTW, most of the money isn't from donations which have long since been spent on the development of new forum software (epochtalk), but from ad revenue.
legendary
Activity: 1568
Merit: 2037
Having treasurers falls down to there not being one person in control of the very large amount of funds. This precaution prevents an unlikely exit scam or lost funds due to death, dissapesrance or other event.

The multisig wallets take care of those same issues in the same fashion by distributing the responsibility.

Donations can still be valuable and need to be protected.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
This has been suggested several times and I think it's extremely important. I see it as essential for the forum's funds security and I don't see any disadvantages at all. Current treasurer OgNasty agrees multisig should be used.

I would suggest choosing several very trustworthy users and creating x-in-y addresses, where x is at least 3 (to avoid collusion) and y is at least x+2 (to avoid an accident to lock the funds). 4-in-7 addresses could be a good option. Theymos, is there any reason this hasn't been implemented yet? What are the disadvantages? Funds have been lost and more could be lost in the future.

Local rule:
Vod can't quote or mention OgNasty, directly or indirectly.
OgNasty can't quote or mention Vod, directly or indirectly.


I am new to this whole Treasurer thing. Before reading parts of the thread I had no idea Treasurers existed.

Why on earth would that be the case? Why would multisigs be required if these are donations?
member
Activity: 270
Merit: 17
What could be the reasons that Theymos and Cobra may disappear? I read in this thread and in the contract about the word "Disappear (if)"

Dying is a natural thing - what else?


Theymos has control over the server, Cobra has control over the domain if I'm not wrong.
Who else has access to this domain and server in absence of Theymos and Cobra? Shouldn't be there a plan B at least for the natural cause?

Embezzlement from the forum.

I don't think you can embezzle money from yourself.

lol just stirring the pot
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
What could be the reasons that Theymos and Cobra may disappear? I read in this thread and in the contract about the word "Disappear (if)"

Dying is a natural thing - what else?


Theymos has control over the server, Cobra has control over the domain if I'm not wrong.
Who else has access to this domain and server in absence of Theymos and Cobra? Shouldn't be there a plan B at least for the natural cause?

Embezzlement from the forum.

I don't think you can embezzle money from yourself.
Pages:
Jump to: