Thomas White:
Hmmm... appears to have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
Well, my original ask was for everyone to be able to verify that all 12.36 BTC that oniontip has received (as of right now) has actually been distributed how the users have asked.
I suppose that since individual users can easily inspect that their donation has gone to the relays they selected (by looking at blockchain.info for their one-time use address), it is unlikely that the system will get away with cheating for long. But it is still hard for a new donor to tell if any other donors have been swindled recently, using simple blockchain inspection. They basically have to click around on the individual relay recipient keys to make sure everything looks legit.
This makes me nervous in terms of endorsement. I can easily see hundreds of users getting swindled before one of them suddenly realizes that there is an extra bitcoin address in their transactions that is not in the original relay list they selected, or that the actual bitcoin distribution was slightly different than what they selected. If all users could inspect all donations easily, this type of compromise would be found quicker.
Ideally, it would be possible to verify all of these questions (and many more) with only the blockchain. For instance, a comment in the bitcoin transaction could indicate the OnionTip options selected, and a single page on the website could allow us to view all donations to the system.
Beyond this, I think there are actually interesting sociological questions we could answer with easy access to the OnionTip donation data and option selection. I'm very curious how donors are choosing to distribute their Bitcoin to the relays.
For instance:
1. Is OnionTip encouraging the type of network diversity we want? Do we want to suggest changes to the default donation mode to encourage better diversity?
2. UI is still confusing to me. Is this UI causing people to prefer a certain type of donation over others, where they probably shouldn't?
   a. Is anyone actually using the Guard or Exit filters? If not, this means my super-cheap and unreliable FDC middle node will probably get me more OnionTip donations than either a more stable Guard node, or a more hassle-prone Exit node. This seems like an undesirable way to incentivize relay operation. Is it happening? Or are most people selecting Guard+Exit?
   b. Are people taking advantage of the country selection dialog? Are they doing it in a way that is favoring underrepresented countries? Or are people just choosing countries based on the next World Cup match, the current Olympic gold medal count leader, or some other crazy notion that seems to make little sense to network diversity?
3. What are big donors doing? Do they always select the default choice?
   a. If so, we should think waaay harder about what this choice is.
   b. If not, what do they want? Do they like specific or strange countries? Do they like countries with the fewest relays? With the lowest current bandwidth? With the best laws? Do we agree with their choices, and want to make it easier for other donors to make them too? Or should we be concerned, and try to encourage other behavior?
   c. Maybe only big donors get scammed with extra BTC destination addresses or a different transaction entirely? How can I see if other recent big donors have been scammed?
On 28/09/2014 03:28, Ed Carter wrote:
The process is completely transparent. All Bitcoin transactions are viewable by the public on the Bitcoin blockchain. The Bitcoin addresses are posted by the relay operators themselves in their contact info on their relay. I can confirm that I receive donations made to the address I posted on my relay.
My relay: https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2E...
Blockchain.info web page showing donations received to my address: http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
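
The per-donation check discussed in this thread (is there an extra address in the payout, and does the split match what the donor selected?), written out as an added example that is not part of the original messages and is not OnionTip code. It assumes the donor has recorded the relay addresses and weights they chose and has copied the outputs of the forwarding transaction from a block explorer; `audit_payout`, the weights and the placeholder addresses are all hypothetical.

```python
from fractions import Fraction

# Constructed sample data: placeholder strings, not real Bitcoin addresses.
SELECTED = {"RELAY_ADDR_A": 1, "RELAY_ADDR_B": 1, "RELAY_ADDR_C": 2}  # weights
HONEST = [("RELAY_ADDR_A", 250_000), ("RELAY_ADDR_B", 250_000),
          ("RELAY_ADDR_C", 500_000)]
SKIMMED = [("RELAY_ADDR_A", 250_000), ("RELAY_ADDR_B", 250_000),
           ("RELAY_ADDR_C", 400_000), ("UNLISTED_ADDR_X", 100_000)]


def audit_payout(selected, outputs, tolerance=Fraction(1, 100)):
    """Compare a forwarding transaction's outputs with the donor's selection.

    selected:  {address: weight} for the relays the donor chose (assumed input).
    outputs:   [(address, satoshis)] as shown for the transaction.
    tolerance: largest accepted difference between selected and paid share.
    Returns a list of (kind, address, detail); an empty list means consistent.
    """
    total_weight = sum(selected.values())
    if total_weight <= 0:
        raise ValueError("selected weights must sum to a positive number")
    paid = {}
    for addr, sats in outputs:
        paid[addr] = paid.get(addr, 0) + sats  # same address may appear twice
    total_paid = sum(paid.values())

    findings = []
    # Outputs to addresses the donor never selected.
    for addr in sorted(paid.keys() - selected.keys()):
        findings.append(("unexpected_address", addr, paid[addr]))
    # Selected relays that received nothing.
    for addr in sorted(selected.keys() - paid.keys()):
        findings.append(("missing_address", addr, 0))
    # Selected relays whose share of the payout differs from the selection.
    if total_paid > 0:
        for addr in sorted(selected.keys() & paid.keys()):
            want = Fraction(selected[addr], total_weight)
            got = Fraction(paid[addr], total_paid)
            if abs(got - want) > tolerance:
                findings.append(("share_mismatch", addr, float(got - want)))
    return findings


if __name__ == "__main__":
    for name, tx in (("honest", HONEST), ("skimmed", SKIMMED)):
        print(name, audit_payout(SELECTED, tx))
```

This only covers a donor auditing their own donation; it does not address the thread's wider request that anyone be able to audit every donation.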