[tor-relays] Oniontip

Mike Perry mikeperry at torproject.org
Sun Sep 28 09:32:56 UTC 2014 

Thomas White:
> Hmmm... appears to be have been upgraded since I last checked then
> (which was only a few weeks ago!). Nicely done oniontip. I stand
> corrected.

Well, my original ask was for everyone to be able to verify that all
12.36 BTC that oniontip has received (as of right now) has actually been
distributed how the users have asked. 

I suppose that since individual users can easily inspect that their
donation has gone to the relays they selected (by looking at
blockchain.info for their one-time use address), it is unlikely that the
system will get away with cheating for long. But it is still hard for a
new donor to tell if any other donors have been swindled recently, using
simple blockchain inspection. They basically have to click around on the
individual relay recipient keys to make sure everything looks legit.

This makes me nervous in terms of endorsement. I can easily see hundreds
of users getting swindled before one of them suddenly realizes that
there is an extra bitcoin address in their transactions that is not in
the original relay list they selected, or that the actual bitcoin
distribution was slightly different than what they selected. If all
users could inspect all donations easily, this type of compromise would
be found quicker.

Ideally, it would be possible to verify all of these questions (and many
more) with only the blockchain. For instance, a comment in the bitcoin
transaction could indicate the OnionTip options selected, and a single
page on the website could allow us to view all donations to the system.


Beyond this, I think there are actually interesting sociological
questions we could answer with easy access to the OnionTip donation data
and option selection. I'm very curious how donors are choosing to
distribute their Bitcoin to the relays.

For instance:

1. Is OnionTip encouraging the type of network diversity we want? Do we
   want to suggest changes to the default donation mode to encourage
   better diversity?
   
2. UI is still confusing to me. Is this UI causing people to prefer a
   certain type of donation over others, where they probably shouldn't?

   a. Is anyone actually using the Guard or Exit filters? If not, this
      means my super-cheap and unreliable FDC middle node will probably
      get me more OnionTip donations than either a more stable Guard
      node, or a more hassle-prone Exit node. This seems like an
      undesirable way to incentivize relay operation. Is it happening?
      Or are most people selecting Guard+Exit?
 
   b. Are people taking advantage of the country selection dialog? Are
      they doing it in a way that is favoring underrepresented countries?
      Or are people just choosing countries based on the next World Cup
      match, the current Olympic gold medal count leader, or some other
      crazy notion that seems to make little sense to network diversity?

3. What are big donors doing? Do they always select the default choice? 

   a. If so, we should think waaay harder about what this choice is.

   b. If not, what do they want? Do they like specific or strange
      countries? Do they like countries with the fewest relays? With the
      lowest current bandwidth? With the best laws? Do we agree with
      their choices, and want to make it easier for other donors to make
      them too? Or should we be concerned, and try to encourage other
      behavior?

   c. Maybe only big donors get scammed with extra BTC destination
      addresses or a different transaction entirely? How can I see if
      other recent big donors have been scammed?




> On 28/09/2014 03:28, Ed Carter wrote:
> > The process is completely transparent.  All Bitcoin transactions
> > are viewable by the public on the Bitcoin blockchain.  The Bitcoin
> > addresses are posted by the relay operators themselves in their
> > contact info on their relay.  I can confirm that I receive
> > donations made to the address I posted on my relay.
> > 
> > My relay: 
> > https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2EA
> >
> >  Blockchain.info web page showing donations received to my
> > address: 
> > http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
> > 
> >> My concern (which has been highlighted before by Mike Perry) is
> >> that the site lacks accountability and transparency. There is no
> >> way to verify the donations actually reach the operators.

-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140928/5601c63f/attachment.sig>

More information about the tor-relays mailing list