Sebastian Urbach:
Hi,
I like to suggest adding oniontip.com to the "Donate" section on the tor website. It's a nice possibility to help the Relay-Oerators.
While I think OnionTip is awesome, I'm a little concerned about its apparently built-in lack of external auditability. Why is it generating one-time use Bitcoin addresses, for example?
If it is for key material protection reasons, why can't these one-time addresses flow through a single more protected address, that is easy to verify that it is performing as expected?
Amusingly, I'm perhaps the most vocal critic about the public visibility of bitcoin transactions on our lists, but in this case, it would provide a clean audit trail for the service, which is already mostly public anyway, at least on the output side. And the input side is the responsibility of the user to keep private with proper address use and/or mixes, at least in the Bitcoin world as it is today.
While I'm at it, I have a couple wishlist items for this thing. I don't think these are blockers to recommending the service as much as auditability is, but they sure would be cool:
1. It should allow me to select if I want to donate only to nodes that have the Exit flag. Running an exit is way more involved (and often more expensive) than running a normal node, and I think it would be good to give folks the option to target their donation in this way. And perhaps encourage it as the default donation mode.
2. It also already seems to have GeoIP information, at least on the country level. There are all sorts of interesting selectors that could be done with this. You could donate to relays in countries in inverse proportion to the number of relays they have, to encourage jurisdictional diversity, for example. Or more simply, just pick a country. This one is admittedly less cool and more complicated to figure out than just the Exit vs non-exit thing, though. (Do you also weight countries per-capita? Per internet user? Per Tor user? etc).
In my opinion, each of these breakout options should have their own dedicated (intermediate/flow-through?) BTC address, so it is possible to perform auditing for each of them using only the blockchain.