CANNON:
>> These 2 bitcoin addresses are valid and all go to Tails:
>
> Thank you for the information. I wanted to confirm this as I was not
> sure what address to send a donation to.
:)
>> We send bitcoins to both addresses because we use them for different
>> things in the end. We control how frequently each address is being
>> displayed by some JavaScript on the page so we always have useful
>> amounts on both sides.
>
> You should consider that alot of people, particularly the kind that
> would donate to Tails, often have javascript disabled. I do not know
> what ratio of visitors would have javascript enabled vs disabled, but
> just something to keep in mind.
I don't know either which ratio of visitors this represent.
My bet is that it's around 10-20% but I have no data to prove it.
> Ideas on addressing javascript possibly being blocked.
> Idea 1
> Maybe a server side script such as PHP or something else that does not
> rely on javascript would mitigate this? Just offering ideas if this is a
> concern.
>
> Idea 2
> Another idea, maybe it would be possible to have a bitcoin smart contract
> or trustless way to have a single bitcoin address which would then split
> up payments in a desired ratio to other addresses.
> For example, lets say I have two addresses A, and B. I want 50% of
> donations to go to A, and 50% to go to B. I craft a bitcoin smart contract
> with address D that takes all inputs and sends outputs to A and B.
> If you have interest in this option, I could explore this possibility.
>> But it's very interesting to learn that you found this suspicious.
> I just thought it was suspicious at first, when I had one computer
> report a different address than what other computers where showing.
My main concern when dealing with this issue is cost-effectiveness.
I really appreciate all your ideas but they would represent a loooot
more work than improving the current web page to prevent at least part
of the confusion. So I'll try the cheaper versions first and escalate to
something more elaborated only if needed.
>> Do you have any idea on how to make it less suspicious will still
>> meeting our goals: have some very rough control on the fraction of
>> bitcoins that are sent to both addresses?
>
> Please see my comments above about possibly using a server side script or
> something that does not rely on javascript. Or maybe a smart contract
> that splits payments on a desired ratio. If you are concerned about
> ratios being off as a result of some or most people having javascript
> disabled.
>
>> I thought about always displaying both on the donation page but making
>> the preferred one appear first and look bigger. See attachment.
>
>> Would this have prevented your confusion?
>
>> Can you think of other options?
>
> That would probably work if you put a label next to the addresses. But
> having two addresses displayed at the same time might just confuse people
> of which one they should send to. But no matter what address is posted,
> I think it would be valuable to have a way for people to verify that address.
For the time being I changed the page to display both addresses when
JavaScript is disabled. I'll see if more people complain about this in
the future (as this behavior is also quite new).
> Ideas on more secure address verification
> Idea 1
> One idea I can think of, maybe have a "verify BTC address" link under the
> bitcoin address currenlty shown. This link would lead to a page that lists the
> ddress with an attached signature by a trusted PGP key.
That would work for people who know OpenPGP. I'll keep this in mind if
the issue is raised again in the future. For the time being, HTTPS is
enough for *us* to trust that the correct bitcoin addresses are
displayed to all the people who wouldn't do through the extra step of
verifying them using OpenPGP (the vast majority I guess).
> Idea 2
> There is also an idea of creating human readable "usernames" or aliases for
> BTC addresses. Like a secure DNS system but for any information. Namecoin
> could make this possible. Maybe grab a Namecoin ID and publish your btc
> address into that? Namecoin does have a documented standard for inputting crypto
> addresses. See https://wiki.namecoin.org/index.php?title=Identity#Examples
> However currently there are not many bitcoin wallets if any that currently
> integrate with namecoin. But there are other tools that can extract data from
> namecoin identites. Namecoin is really something that I think will be mainstream
> eventually, but why not be a pioneer in namecoin utilization to help make it
> mainstream?
>
> Or maybe both of these ideas?
>
> If the TAILS project wants some namecoin to experiment with, just let
> me know and I will give you some (If someone from TAILS PGP sign the namecoin
> address I should some NMC to and send to and email to me directly).
> Namecoin can also be used not just for bitcoin addresses, but also for creating a
> .bit domain name that would point to the TAILS website with also containing
> information on the site TLS cert.
> This would also be valuable to protect TAILS from censorship.
Namecoin sounds cool but I'd rather wait until it becomes more mainstream.
Thank you for following up!
--
sajolida