state of donations, new bitcoin address

Mon Mar 21 16:39:18 UTC 2016

I think it would be more responsible to store your donations in an m of n
multisig account rather than we a single backed up key. Ideally the
donation address would point there directly.

Coinbase Vault provides nice tooling and insurance around multsig and user
controlled keys. It seems like a responsible solution for a high value
bitcoin address.

Bitgo is designed more around using multisig to 2 factor auth a bitcoin
wallet rather than distribute control.

I'm not aware of a well maintained fully client side solution for this.

On Mon, Mar 21, 2016 at 4:34 AM, Brian Warner <warner at lothar.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>
> On behalf of the Tahoe-LAFS Software Foundation, I'm pleased to update
> folks on the current state of our bitcoin donations, and to publish a
> new donation address. Until recently, I was dreading making this update.
> There's a story to tell :-).
>
> We currently have 375.519076 BTC. There is another 3.97784278 BTC that
> we expect to transfer in shortly.
>
> # Episode 1: Attack Of The Coins
>
> Peter (our boss back at AllMyData, where Tahoe originated) first
> published a bitcoin donation address (13Grd..) to the wiki on August
> 21st, 2010, with an initial donation of 17 BTC ($1.19 at the time). The
> address was updated a few days later (to 19jzB..).
>
> In the first four months, we received 205 BTC. At the going price of
> $0.24/BTC, this was worth $50. Our windfall would would buy us a couple
> months of hosting, or some pizza, but not both. Since we didn't have any
> particular plans for the funds, nobody really paid attention to them.
>
> We continued to get an occasional donation: about one or two per month.
> Each was for a small amount (in dollars). With the exception of two very
> generous contributions ($617 in 2012, $432 in 2013), the mean value was
> just $7, and the median was $3. The total value of all 74 donations
> (2010 to the present) is $1568.07. I.e. if every donor bought BTC with
> dollars from their pocket the moment before they made the donation, the
> pockets gave up less than $1600.
>
> Two and a half years passed, and the price of BTC grew by a factor of
> 100. In January of 2013, it was trading at $15/BTC, and we were sitting
> on about $6000.
>
> # Episode 2: Revenge of mkfs
>
> And that's when we had some horrible news. I got a message from Peter,
> who told me a sad story. The bitcoind wallet which held the private keys
> was stored on a single laptop. A combination of errors resulted in that
> laptop being erased and reformatted: miscommunication between the owners
> of the laptop, lack of awareness of where the keys were held, and a
> basic misperception of the value of those funds.
>
> On January 29th 2013, we removed the donation key from the website to
> discourage anybody from throwing further money into /dev/null.
>
> Peter remembered making a few Time Machine backups of the drive in
> question, but we didn't know where they were. One likely backup was
> discovered to have been reformatted and filled with childrens cartoons.
> The drives were imaged anyways, and I wrote forensic tools to scan the
> unwritten sectors for bitcoind wallet-like values, but had no success.
> Peter searched his house top to bottom, looking through over 50 hard
> drives, trying to find the wallet.dat file. No luck.
>
> Meanwhile, I prepared a new key, on an isolated machine, with no
> machine-readable copies left lying around to be stolen. I distributed
> hard copies, by hand, in sealed envelopes, to trusted backup custodians
> on multiple continents. The plan was to write up a long (embarrasing)
> blog post, announce the new key, explain how we would take more care
> with it this time, and humbly apologize to those donors whose funds we
> managed to lose.
>
> However we never got around to publishing that key: I kept hoping we'd
> find a recoverable backup somewhere, and we were all reluctant to admit
> our mistakes. The embarrassment got worse as the price of BTC shot up
> dramatically: at the peak (November 2013), it hit $1147/BTC, making this
> a $430,000 accident. Ouch.
>
> We managed to put the incident out of our collective minds for a few
> years. Tahoe development continued on. Peter moved (twice). The price
> dropped to its present (mostly-stable) value, about $410/BTC.
>
> # Episode 3: A New Hope
>
> But I'm glad to report the story has a happy ending. On 8-Jan-2016, I
> got another message from Peter. Good news! He found a backup drive with
> the private keys. In a moving box, buried underneath a pile of shoes.
> Two houses later. I surveyed the custodians of the hand-delivered copies
> of the key I prepared in 2013, and found that nobody could remember
> where they put that envelope. Oh well.
>
> I've created a new bitcoin key, following the same procedure, and
> distributed it in a similar fashion. At least two copies are etched onto
> stainless steel plates, in the hopes that the information might survive
> a fire. And I'll be following up with the custodians to make sure they
> keep track of the copies this time.
>
> The new donation address, to which we have moved all the previous funds,
> is:
>
>   1PxiFvW1jyLM5T6Q1YhpkCLxUh3Fw8saF3
>
> I've committed a file with a description of our donation key, how we
> intend to use these funds (just hosting/registrar fees for now), and the
> transparent accounting approach we plan to use, into the Tahoe source
> tree, at:
>
>  https://github.com/tahoe-lafs/tahoe-lafs/blob/master/docs/donations.rst
>
> The file is signed by the Tahoe-LAFS GPG release-signing key. Potential
> donors should check both properties (git commit and GPG signature)
> before considering donating funds (the release-signing key is held only
> by me, and checking in a file requires commit privileges).
>
> # Advice For Others
>
> Purely-digital currencies are exciting, but they stretch our human
> intuitions about what qualifies as "valuable". We're used to wealth
> having certain physical attributes: expensive things tend to be heavy,
> shiny, intricate, fragile, pretty, or old. Even paper money has a
> particular color, smell, and texture, and we're really good at tracking
> it (quick: where is your wallet right now?).
>
> But ECDSA private keys don't trigger the same protective instincts that
> we'd apply to, say, a bar of gold. One sequence of 256 random bits looks
> just as worthless as any other. And the cold hard unforgeability of
> these keys means we can't rely upon other humans to get our money back
> when we lose them.
>
> Plus, we have no experience at all with things that grow in value by
> four orders of magnitude, without any attention, in just three years.
>
> So we have a cryptocurrency-tool UX task in front of us: to avoid
> mistakes like the one we made, we must to either move these digital
> assets into solid-feeling physical containers, or retrain our
> perceptions to attach value to the key strings themselves.
>
> One of the reasons I spent my weekend engraving secret words into metal
> plates was to give them some heft: it's harder to treat something
> carelessly when it feels solid in your hand. Maybe the next step is to
> etch silver bars, or gold-electroplate some bricks ("heavy: check!
> shiny: check! must be valuable"). Or write them on the back of a
> classic-looking oil painting (old: check!), or on one of those mirrored
> crystal orb sculptures you get at the mall (shiny+fragile: check!).
> Anything to trigger our sense of "oh, I should keep track of this thing,
> it's probably important".
>
> But for now, I'm just relieved that Peter needed to look through those
> shoes.
>
> cheers,
>  -Brian
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBCAAGBQJW77GdAAoJEL3g0x1oZmp6FgoH/RmvNh/XYyw/hT66Kj8IEskQ
> DOCky8i8lnEPfj949S4eDf2qDSsUVbpT870ixXP0quogmRUisTeQjtd/rS6Y8gaN
> Wkn5z8GE+alfuAJkWxTHtaExASHFXCeiuJ5uMjEpKzbMb4xwO/FjJhz94XFrgZg7
> RvndiQo/V8T5p0kyViSFOW4VHkq/p4QtS6QiKDPDDJdGWeZw3iLUhlrXlT1J+AKD
> p3SfC41VFRXs4vvmonheXqJo9baJj391BKEHU1/EPOAKkXdNXQwvESqlTGSghug2
> QB+lFiaCrr9oeQPeaYLx9EY5yer/vA7Z17LrmI9r44zuMX+UdkjrI5ubGxoIo+Y=
> =q9+r
> -----END PGP SIGNATURE-----
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20160321/bd3f6de1/attachment.html>