Jump to content


Guide for Journalists and Fundraisers


  • Please log in to reply
22 replies to this topic

#21 Mike Hayes

Mike Hayes

    Zardoz

  • Former Member
  • Pip
  • 779 posts

Posted 10 March 2014 - 12:38 PM

View PostBrian Goss, on 10 March 2014 - 11:39 AM, said:

Mike -- that part about getting journalists to verify the donation address is a key concept I tried to emphasize in the document above. Having two separate communication channels is a good idea because one might be pwned.

Maybe a web based Bitcoin message signature verification service is a good idea?
Backup a bit.  Say I am a fundraiser, and I produce a document that I know is going to be spread around, copied and possibly altered.  Like Andreas did.

The phone number may be altered, the MC/Visa target pay to address may be altered, the Paypal address, or the bitcoin pay to address.  Any and all.  The worst case is of course a web page with changing content, as there a signature can not be calculated on the entire page.  Similarly, an email sent between parties is subtly changed and a verification cannot be done due to tabs and spaces being interjected.  Many other cases.

I would suspect the best way would be a jpg or other image format containing the text of the message and the verification being done only on that image with no supplemental text.  Of course, that image will not have clickable links but could have readable square codes.

Just trying to show that there is a lot to be done before signature and verification goes mainstream and/or in what fashion.  Issue is that suggested method - sign and vert - may only be plausibly useable by small subset of "journalists and fundraisers" in practical real world situations.

That's my concern, not the basic integrity of the approach.

#22 Brian Goss

Brian Goss

    Member

  • Lifetime
  • Pip
  • 1,266 posts
  • LocationRochester, MN

Posted 10 March 2014 - 12:51 PM

I'm not targeting mainstream.  I'm targeting those who need to know; like bitcoin journalists and fundraisers.  There are standards of proof that can be achieved.  Any non-signed message (text, image, or otherwise), is a non-starter.

#23 Mike Hayes

Mike Hayes

    Zardoz

  • Former Member
  • Pip
  • 779 posts

Posted 10 March 2014 - 03:10 PM

View PostBrian Goss, on 10 March 2014 - 12:51 PM, said:

I'm not targeting mainstream. I'm targeting those who need to know; like bitcoin journalists and fundraisers.  There are standards of proof that can be achieved.  Any non-signed message (text, image, or otherwise), is a non-starter.

Then it makes sense.

Something that occurs to me, slightly related/somewhat off topic, is that a totally positive method of a non-profit providing verification that a certain bitcoin public address was their corporate address would be for them to post it on their tax return, eg...

"Donations from 1y3D6...."   $13,062.43

Then a simple script could pull that address and verify that the request pay to address on apparent company publications was the same.  This would work if the public address listed was actually of the company which would imply they were not using web wallets for which the public address actually points to the common fund of the company providing the wallet.

Of course that is explainable as best practices....

Maybe the statement of purpose here is something like "Suggested means for creating public pay to addresses for charities or fundraisers".

Obviously and unfortunately, Mt. Gox customer pay to addresses exist at this time on the internet and in records of various payers.

I wonder how much has been paid into those addresses since the closure of Mt. Gox, and whether those payment streams have been returned.