

Guide for Journalists and Fundraisers


22 replies to this topic

#1 Brian Goss

    Member

  • Lifetime
  • 1,266 posts
  • Location: Rochester, MN

Posted 29 January 2014 - 03:55 PM

Rough draft of a guide for journalists and fundraisers:

https://www.dropbox....2try/FDL-TApRR8

I've incorporated the ideas of the text document https://docs.google....F_8E9lpEuo/edit


To be clear, anyone with the desire and ability is welcome to make it better!

Edited by Brian Goss, 03 March 2014 - 04:19 PM.


#2 Elizabeth Ploshay

    Secretary & Board Member/Member of Ed. Committee

  • Lifetime
  • 277 posts
  • Location: Washington, DC

Posted 29 January 2014 - 07:56 PM

Please add this to our trello board as well.
Thanks!

#3 Brian Goss


Posted 30 January 2014 - 03:35 AM

Done

#4 Elizabeth Ploshay


Posted 30 January 2014 - 06:05 PM

Awesome! Thank you Brian! We can start reviewing and discuss on next week's call!

#5 Robert Lefebure

    Member

  • Members
  • 22 posts
  • Location: Winter Park, Florida

Posted 06 February 2014 - 05:51 PM

Brian, what is meant by "two channels"?
"Verify donation address & signature before publication using at least two channels"


Also, I just published a donation page today for our school at www.Brightlearning.org/donations.

#6 Brian Goss


Posted 06 February 2014 - 05:57 PM

I need a good short word or phrase (better than channel) to describe this:
1) telephone
2) email

Or
1) SMS
2) twitter

The idea is to verify that the signed message wasn't intercepted and replaced with another signed message.

For example, if you put a signed message soliciting funds for donation on your website, and I hack your site and replace it with my own signed message directing donors to send funds to my address, the donors would have no way of knowing. But, if you send me the signed message via email, I could compare to the website.

The payment protocol will definitely help in this area and our chief sci guy is working hard with others on it.

#7 Sandy Ressler

    Member

  • Members
  • 41 posts
  • Location: North Potomac, Maryland

Posted 06 February 2014 - 10:52 PM

Hi Brian...interesting guide...I question the lumping together of Journalists and Fundraisers? I'd see them as two very separate audiences. Personally I'd focus on Fundraisers as that is an audience for which you've got a good start at addressing their needs. As for Journalists that's a much broader audience and I'm kinda unclear that a guide would even be useful specifically for them. Theoretically journalists should be interested in all of the various aspects of Bitcoin (split along their varied audiences). Anyway I'd suggest picking one of these and focusing on it..(my personal choice would be fundraisers) IMHO

#8 Brian Goss


Posted 07 February 2014 - 03:29 PM

The unifying factor is the publication of addresses associated with a cause/organization/identity.  Perhaps renaming the guide to reflect that would be better.

Journalists know how to verify sources, corroborate stories, etc...but, they don't know how to avoid publishing a false/substituted donation address.

#9 David R Allen

    Member

  • Members
  • 1,024 posts

Posted 07 February 2014 - 03:41 PM

Brian Goss, on 07 February 2014 - 03:29 PM, said:

> The unifying factor is the publication of addresses associated with a cause/organization/identity. Perhaps renaming the guide to reflect that would be better.
>
> Journalists know how to verify sources, corroborate stories, etc...but, they don't know how to avoid publishing a false/substituted donation address.

Brian, I think you have nailed the issue that I saw as well. As a long time journalist, I see more Op Ed than investigative factual info, and pointing to the potential for error would be helpful for both groups.

A guide to "Publishing and Digital Currency Bitcoin Donations for Non-profits" might be more to the point.

#10 Brian Goss


Posted 07 February 2014 - 06:30 PM

Or Guidelines for Publishing & Verifying Bitcoin Addresses?

#11 Sandy Ressler


Posted 08 February 2014 - 01:41 AM

Ahhh well that is as they say a "horse of a different color"! ;-)
Makes a lot of sense with the new title I like "Guidelines for Publishing & Verifying Bitcoin Addresses" or "What you Need to Know Before you Publish a Bitcoin Address" ...anyway it makes sense to me now.

#12 Brian Goss


Posted 08 February 2014 - 01:48 AM

Thanks guys, this is exactly how open source should go...everyone sees things differently but as a group we see the bigger picture. I'll update it next week.

#13 Brian Goss


Posted 03 March 2014 - 04:22 PM

I changed title to A Guide to Publicizing Donation Addresses.  I'm gonna work on a new one as per the "unintended parallel mini EC meeting" minutes

#14 Mike Hayes

    Zardoz

  • Former Member
  • 779 posts

Posted 08 March 2014 - 05:59 PM

Brian Goss, on 06 February 2014 - 05:57 PM, said:

> I need a good short word or phrase (better than channel) to describe this:
> 1) telephone
> 2) email
>
> Or
> 1) SMS
> 2) twitter
>
> The idea is to verify that the signed message wasn't intercepted and replaced with another signed message.
>
> For example, if you put a signed message soliciting funds for donation on your website, and I hack your site and replace it with my own signed message directing donors to send funds to my address, the donors would have no way of knowing. But, if you send me the signed message via email, I could compare to the website.
>
> The payment protocol will definitely help in this area and our chief sci guy is working hard with others on it.

Brian - I'm a bit coinfused....

It seems that the goal here is to protect the donor against a hacked website.  And to protect against something like an apparently authoritative letter to the NY Times saying the likes of "Next time you do an article on Saving Puppies", please include our donation address 2349u234234234...which is fake.

On the one hand, the owner of the website should have that responsibility.  It's certainly in his interest to ask for donations, and to insure they go to him/his cause.

But if a journalist was writing a story, and included a donate-to QR code for bitcoin donations, that story goes to millions, large numbers of donations are made before a correction to the code can be established...

Wouldn't the best way to handle that be to think in terms of an intermediary, such as an escrow service?  This gets the journalist off the hook completely, and interjects the slight time delay which is useful for catching errors and fraud.

A.  Reporter says/writes:  "Donate to this QR code - just enter SAVEDOGS into the memo field".
B.  Reporter says/writes "Savedogs is a great organization - they have a QR code on their web site you can donate to."
C.  Reporter says/writes "Donate to this QR code" Which the reporter or his editor verifies.

A is the escrow type service, B and C appear to be the case you mentioned.

What am I missing?  I am just leaning in the direction that if you start with the belief that you can't trust the journalist, you need an intermediary you can trust.  Looks like a business opportunity for someone.

#15 Brian Goss


Posted 08 March 2014 - 06:09 PM

Escrow? Wrong idea.

Take a look at this (http://pastebin.com/4MHvpaeN)...teaching people how to use bitcoin wallets to do the equivalent of what Andreas is doing here (with pgp) is the goal.

It's just common sense for those used to pgp...but sort of a new idea in the Bitcoin world.

#16 Mike Hayes


Posted 08 March 2014 - 06:15 PM

Brian Goss, on 08 March 2014 - 06:09 PM, said:

> Escrow? Wrong idea.
>
> Take a look at this (http://pastebin.com/4MHvpaeN)...teaching people how to use bitcoin wallets to do the equivalent of what Andreas is doing here (with pgp) is the goal.
>
> It's just common sense for those used to pgp...but sort of a new idea in the Bitcoin world.

I'm thinking in terms of a reporter in the afternoon, practicing his lines for breaking a hot story and going live in 30 minutes...

#17 Brian Goss


Posted 08 March 2014 - 07:17 PM

I think getting people to understand message signing and verification is important...but not teaching folks to just blindly trust validly signed messages is equally important.  

It's a trivial concept...that's what makes it so deceptively difficult.

#18 Brian Goss


Posted 08 March 2014 - 07:19 PM

For example...don't trust this...validly signed, but ludicrous content.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am Satoshi Nakamoto.
-----BEGIN PGP SIGNATURE-----
Version: iPGMail (2.0.9)

iQIcBAEBCAAGBQJTG20RAAoJEI4KxxUxCbZXXS8P/Rrf57L0BpZ43pnyn7RU5F8KH9vdwigVyLy5
BH20NmJ9cAd/o9AIaOC037OmkoqCgC4WhExyrVYo2LX2BT7IBDVgzF9ppLHQwj4+UDBok/sCDBMu
PJQQXtT4nUyuHl/a069XWgzsKlEckWIu3u6W4ZJ7Uk43S5mufUpxGudSXn9wKRJ6hL4ZvQsqFSgr
RvEXLdhmv+rX77OPyeP4JNGHWChJ2o7zGGW49N/oWcLnhvhPEvznsX/Ll8ym6+vOkzAeVoRsnC2R
2RUZyvR97UkJgbrjAZ7+uLckkC9DtQTnGh9djnWxqCK1g85vNaE/eoIObhEIl+Oe1KSvpCkHAXsM
RrGrAmfAFb51MMrNYUvdLdvgPwpbyjorYJG9DgHFvD851xNlk18UK4Mtd/TmRdYK7F0ga2weMUh0
YzUXqh64cSylcw/DuwQzAW2ktHVD5l9bZY1IIPdS5w/hTAl3GBeLOgwnozrduuWTOprJra7+xeIq
3WzLrGI4ghQ89UQ+jZSly4aGCCCTyPguHK+nLF70K4mMFAekdOhKpKNB8vPJJMLK6IhXfdWgedCE
/8BPCVllKK/ETvilGYcg3bq1mbBBqzZ5+ZC92Q8hk2iGObI/mQPAxzqlW45NTA1fG5qBO3rIDUwZ
34CT+zc4leU3xFpYJGgfWZBX9YXSXzkoc2/2cygr
=mVr0

-----END PGP SIGNATURE-----

#19 Mike Hayes


Posted 10 March 2014 - 04:55 AM

Brian Goss, on 08 March 2014 - 07:17 PM, said:

> I think getting people to understand message signing and verification is important...but not teaching folks to just blindly trust validly signed messages is equally important.
>
> It's a trivial concept...that's what makes it so deceptively difficult.

Given that a lot of activity will be / is on simple web wallets (one end or both), and that many of those operate on pooled funds/pooled bitcoin basis, no signature and verification of that group is possible.  Examples, coinbase, Mt. Gox.

Here is a breakdown of numerous wallets.
http://bitcoinmagazi...wallet-options/

These are cases where other means are required.  I have used signature and verification with bitcoin-qt, can use it with blockchain wallet, but few consumer/reporters/journalists would likely be using either.

Possible alternative.

Reporter calls "source".

"Dude...your public address, it this thing ends with 1697?"

"Yep."

"Okay, I'll print it."

#20 Brian Goss


Posted 10 March 2014 - 11:39 AM

Mike -- that part about getting journalists to verify the donation address is a key concept I tried to emphasize in the document above. Having two separate communication channels is a good idea because one might be pwned.

Maybe a web based Bitcoin message signature verification service is a good idea?
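
The two-channel check discussed in this thread, as an added example that is not part of any post or of the guide: it compares the full address received over each channel and rejects copies that fail the Base58Check checksum used by legacy Bitcoin addresses. The function names and the sample addresses are constructed for illustration, and the check does not verify any message signature.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is written as a leading "1"
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_valid(addr: str) -> bool:
    """True if addr decodes as Base58Check with a correct checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:  # 0, O, I and l are not in the alphabet
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) > 4 and _checksum(raw[:-4]) == raw[-4:]

def verify_channels(copies: dict) -> tuple:
    """copies maps channel name -> address exactly as received on that channel."""
    cleaned = {ch: addr.strip() for ch, addr in copies.items()}
    if len(cleaned) < 2:
        return (False, "need at least two channels")
    bad = sorted(ch for ch, addr in cleaned.items() if not b58check_valid(addr))
    if bad:  # transcription error or mangled copy: ask the source again
        return (False, "invalid address on: " + ", ".join(bad))
    if len(set(cleaned.values())) != 1:  # compare whole addresses, not a suffix
        return (False, "channels disagree: do not publish")
    return (True, next(iter(cleaned.values())))

# Constructed samples (version byte 0x00 + 20 made-up bytes), not real donation addresses.
SAMPLE = b58check_encode(b"\x00" + bytes(range(1, 21)))
OTHER = b58check_encode(b"\x00" + bytes(range(21, 41)))

if __name__ == "__main__":
    print(verify_channels({"website": SAMPLE, "email": SAMPLE}))
    print(verify_channels({"website": OTHER, "email": SAMPLE}))
```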