CellularPrivacy / Android-IMSI-Catcher-Detector

AIMSICD • Fight IMSI-Catcher, StingRay and silent SMS!
GNU General Public License v3.0
4.69k stars 941 forks source link

Reconsider DarkCoin as a donation option #74

Closed andr3jx closed 9 years ago

andr3jx commented 10 years ago

Hi, I want you to reconsider accepting DarkCoin donations because DarkCoins are more or less like Bitcoins only much less known, less widespread and harder to get. I know you choose DarkCoins because they are marketed with an "Encrypted transaction network" and "Anonymous blockchain using coinjoin technology" but both features are as far as I understood not really ready.

I suggest that @SecUpwN creates a bitcoin wallet which he manages for bitcoin donations. If you want to send an anonymous bitcoin donation you can fire up TOR Browser and create a wallet on sharedcoin.com or bitcoinchain.info. You send the amount you want to donate to your sharedcoin / bitcoinchain -wallet and once the bitcoins are available you do a transaction to the donation-wallet. You need to use the option "Shared Coin" and choose how many "repetitions" you want to make the transaction hard to trace. Shared Coin is based on CoinJoin which is used in DarkCoin.

E3V3A commented 10 years ago

@SecUpwN @andr3jx The possible problem with DarkCoin is that it hasn't been well vetted by wide use. Personally I have not had time to look into the details. Eventually I'd also like to see Bitcoin and Paypal as options for donations, but nobody has been willing to stick their head out to allow for this, so far. Once the app reaches working beta status, and after having gone public, I'd probably be fine with setting up our own accounts.

The best place to read and learn about various crypto-currencies is Bitcoin Talk. Also DarkCoin is probably not as anonymous as they like you to think. In addition the crypto-coin cummunity is less than convinced about DarkCoin, but only time will tell and we need a way for people to donate to developers and project.

SecUpwN commented 10 years ago

Dear @andr3jx, thanks for your feedback on my work to find a service through which we can accomplish anonymous donations. First of all, I have to say that I really feel some sort of anger: The discussion on which service to use has been around since day 1 of our project and was also the very first Issue #1 created. But now, after 160 people following our project and about 60 Issues closed, DarkCoin is suddenly not "the right choice". Ok, now you know how I feel. Let's get back to our less emotional discussion.

When I reviewed all possible options to make and receive donations that are as anonymous as possible, the first services that have been nuked by myself as options were BitCoin and Paypal. Let me clarify (also for @E3V3A): I know for a fact that our Project is being closely monitored by several agencies, including manufacturers of IMSI-Catchers which are in close cooperation with secret agencies and FBI, Police and you name it. Both BitCoin and PayPal are perfectly traceable by anyone willing to invest some time and power, especially those forces monitoring us. I do NOT want any developer to get in trouble when developing for us, nor when receiving or making a donation. I know that DarkCoin is not a perfect solution (yet), but since it offers an easy and extremely secure way to donate, I currently consider this to be our best choice. Why do I think so? Well, here are some specifications of their service:

* 0.00000% Pre-mined
* Super secure hashing algorithm: 11 rounds of scientific hashing functions (blake, bmw, groestl, jh, keccak, skein, luffa, cubehash, shavite, simd, echo)
* Block reward: controlled by 2222222/(((Difficulty+2600)/9)^2)
* Block generation: 2.5 minutes
* Difficulty: retargets every minute using Dark Gravity Wave
* Supply: estimated 22 million maximum coins
* Superior transaction anonymity using DarkSend: RC1 testing on MainNet

Feel free to check out DarkCoin and Degree of Anonymity. This alone did not convince me, but rather multiple recommendations of close friends as well as other developers I know and many articles which where about "DarkCoin being bad because it's too anonymous" and "DarkCoin to be only used by criminals" - those also fired up my curiosity. Are we criminals? No, not at all. But I must admit that I consider BitCoin and Paypal to be the most dangerous options we could ever think of! Especially PayPal has no value to me. Or have you ever heard of whistleblowers using this service?

Coming back to your initial reasons on why we should reconsider using DarkCoin, you said that DarkCoins are "more or less like BitCoins, only much less known, less widespread and harder to get". And yet, you recommend me to create a BitCoin wallet and tell everyone wanting to donate to sit behind some anonymous proxy service like Tor to make a donation? Sounds strange. I mean, DarkCoins can be mined (also on *nix-Systems) and even exchanged - so I don't see much of a difficulty getting hands on those. Of course, this whole donation thingy is still in a bleeding alpha state, but in my eyes, It'll work out just great.

To sum it up, I would prefer staying with DarkCoin until we gave it a few shots and some "better, much more anonymous service" can be recommended. It's not like we have had huge donations already (in fact, noone has donated yet) - but those who DO decide to donate to our Project, deserve maximum protection. And that's not what I see in BitCoin, PayPal or any other service out there in the long run. Let's just see DarkCoin as a test, not a final solution (yet). I'd be happy if you give it a try and closely monitor how it progresses, while not setting up yet another service like a BitCoin wallet or PayPal account. THANK YOU!

E3V3A commented 10 years ago

@SecUpwN @andr3jx Any crypto-currency come with a high risk of fraud and manipulation, until proven otherwise by time and research. There are literally several hundreds, if not more, of various crypt-coins out there. Check the links above. Only a handful have been approved partially by the community. In addition the government & banking trolls are doing everything in their power to keep people from trusting in crypto-currencies, for obvious reasons. We choose one, and we'll try it, if it sucks, then we change, simple as that.

SecUpwN commented 10 years ago

Perfect solution. Nothing to add to that, @E3V3A. :+1:

andr3jx commented 10 years ago

Hi, maybe the title of this issue should be "Reconsider DarkCoin as the only donation option". I personally would like to donate in Bitcoins and you can exchange them to Darkcoins if you want. You can still offer the option to donate in Darkcoins, there is no problem with that. Everybody should decide for himself.

As you pointed out Bitcoin transactions can be traced so I explained a way to make it harder to do this. The solution with Tor and Share Coin is relative convenient but even their FAQ says "Shared Coin can never completely sever the link between the input and destination address, there will always be a connection between them, it is just more difficult to analyse." So we can't rule out that given enough time the donation can be traced to the donator wallet. Another option to make your wallet hard to trace is to use a bitcoin laundering service.

I don't like the fact that nobody wants to stand with his real name for this project. There is nothing wrong with what we do. Even if the IMSI-Catcher guys monitor the project, what should they do? Paypal donations are only an option if someone is ready to take full responsibility for the project.

Another option to make an anonymous donation is to buy something like a PaysafeCard / Ukash and to send the code to you. You can use this money to buy bitcoins / darkcoins or pay the devs direct with the code.

SecUpwN commented 10 years ago

@andr3jx, I must admit that your response makes me wonder of why you are asking these things. Are you working for one of these IMSI-Catcher manufacturers or some other agency? It certainly seems like you're recommending options which can easily expose our real identities, even revealing our clear names is out of the question! But I do understand your point that it's not quite convenient if we only offer donations via DarkCoin, but in fact I DO stand 100% behind this project - and that is why I feel responsible not only for the safety of people who contribute or donate, but also for ourselves. And that is exactly the reason why I strongly believe it is not a good idea to open up a PayPal account or to even post with our clear names on GitHub and alike. It's a dangerous world out there, I'm sick of the threats that people have to face just to make this world better - and why even risk exposure of our real identities?

If you really want to donate, feel free to exchange your BitCoins into DarkCoin and we'll gladly accept them. To make my point clear: I will stay with DarkCoin for now and will not open up any BitCoin wallet and for sure never a PayPal account for donations to this project. On the other side, I am willing to accept PaySafeCards and alike (when they can be bought from any local shop or gas station without having to register anywhere) and also if we find a service that can transform these codes into DarkCoin.

One thing that I really don't get is why you "don't like" that nobody is standing up with their real name for this project. The people behind this project are people with family, do have real jobs and a life - I do NOT want to expose them to any risk at all when developing for us or doing any other thing in connection with this Project. As you already stated, there is nothing wrong with what we do. Of course not - but there are people and companies out there, that really do not think the same and are willing to invest their powers into doing harmful things to individuals who do not do as they want. Furthermore, this Project and its App also aims to be available for people living in countries with corrupt governments and dictatorships to protect themselves from those. Anonymity is crucial for our Project and the people behind it. I hope you get my point and understand what I try to bring across. Feel free to send us your first Donation!

E3V3A commented 10 years ago

@andr3jx Thanks for your input. We'll have a look into the Paysafe/Ukash options. I'll be the one who will come forward once we have a working beta version. When that happens I will also open all other options for donations, which means part of the donations will go straight to EFF as I have promised in the XDA thread. Until then, there is nothing to come forward with. Unfortunately, there are "agents" out there who are ready to pay good sums, to not have this application working. Which is also, why we need more developers to spread our development investment risk.

andr3jx commented 10 years ago

OK, I get your point. I don't know if we exaggerate the threat from the IMSI-Catcher guys but if you feel this precautions are necessary, let's stick to it. In this case I will take one more inconvenient step and exchange my Bitcoins to Darkcoins and send them to you (don't expect much). In this case you might want to explain in our wiki where people should exchange their Bitcoins into Darkcoins and don't forget to mention they should use Tor for this. And no, I don't work for the IMSI-Catcher guys, you know me from XDA ;)

SecUpwN commented 10 years ago

Thank you for your clarification, @andr3jx. We may seem a little paranoid here, but that's obviously part of working on this important Project. I'll update the WIKI soon and am VERY thankful if you really donate!

10 PM: @E3V3A, I just received our FIRST DONATION of 1.37885704 DRK. Get a DarkCoin address!

andr3jx commented 10 years ago

You're welcome! ;) A little time-consuming the whole procedure. Now I hope this won't be our last donation.

SecUpwN commented 10 years ago

Are you the one who were the first donator, @andr3jx? If so, I'll mention you in our CREDITS now. :+1:

andr3jx commented 10 years ago

Thanks, in this case please add that I'm also InvaderX on XDA ;)

E3V3A commented 10 years ago

@andr3jx I have no idea of the value of that donation, but you have just earned a bottle of your choice at the nearest bar, if we ever have a chance to meet. Thanks a lot! @SecUpwN Where do I find the current exchange rate for DarkCoin?

SecUpwN commented 10 years ago

Hey @E3V3A, here is a list of possible Exchanges.

E3V3A commented 10 years ago

@SecUpwN Thanks, added to XDA OP.

SecUpwN commented 9 years ago

@E3V3A, @andr3jx, @tobykurien, @Ueland and @He3556: I am reopening this Issue since due to the hardware crash I explained to you via our internal chats have no access to our old DarkCoin address any longer. It actually a sad thing but also a chance for us to really reconsider how donations to our project will be handled in the future. @E3V3A, please remove the donation method from our XDA thread and anywhere else. I do not want people to donate to that address and money vanishing in outer space. So here are my own (possibly hard) criteria to be passed for any donation option:

Last general question: Isn't there some way to mention all collaborators at once?

SecUpwN commented 9 years ago

@ukanth, I just noticed you're using Gratipay for your AFWall+, where it says you give and receive anonymously. Would you please be so nice and give some feedback here? I am still evaluating the best option for our own developers and contributors to collect and send some small funding. Also, I aim to be able to support the organizations mentioned in our README through that. Thanks for taking the time!

ukanth commented 9 years ago

@SecUpwN , I registered to see the service when it was called gittip. I never received/donated any amount as it doesn't support NON-US accounts/cards. It may be suitable for US only account holders.

SecUpwN commented 9 years ago

I registered to see the service when it was called gittip. I never received/donated any amount as it doesn't support NON-US accounts/cards. It may be suitable for US only account holders.

@ukanth, thanks for stating this. It's a no-brainer that we won't be using it then. Any other services that are as open as possible and support anonymous receiving/sending to numerous other services?

alanthehat commented 9 years ago

Whilst I understand an absolute requirement for developers to maintain anonymity I am comfortable with the idea of using my money to register a public vote against governments & other criminals attempting to spy on me or subvert my equipment.

Some way of accepting open donations is very much wanted. Is there a crowd-funding service that will pass on monies anonymously?

SecUpwN commented 9 years ago

Is there a crowd-funding service that will pass on monies anonymously?

Hi there, @alanthehat! Thank you for chiming in. Personally, I consider this Issue to be one of the most important, but sadly have not yet found a service that supports open donations from numerous sources while passing on the money anonymously. Of course we could always register at some service that is not fully anonymous, but I intend to support privacy-minded organizations like EFF, The Guardian Project, Privacy International, possible whistleblowers and similar organizations. Also, I would like to add some sort of banner to our README that would always show much money is currently in the cup. All of that is a pretty tough challenge to solve - feel invited to digg the web to find it, we would very much appreciate it!

alanthehat commented 9 years ago

Hmm, I would expect that the organizations that you link have (at least access to) anonymous funding channels.

SecUpwN commented 9 years ago

@alanthehat, unfortunately not. They're either using PayPal, BitCoin or Credit Cards. None of these are really an option for us. We'd like to find a service (preferrably open source) through which users can decide on how to donate (PayPal, Credit Card, BitCpin, direct payments, anonymous payments) and the money collected should be (preferrably) untraceable afterwards. We do not want to risk anyone donating to our cause to get difficulties in their country or at work.

SecUpwN commented 9 years ago

A few days ago, when cleaning our repository with the awesome BFG Repo-Cleaner by @rtyley, I have discovered that he uses Bountysource. It looks great, but I would like to have some feedback of you guys (especially @He3556, @tobykurien, @banjaxbanjo and @DimaKoz) if it does meet the needs we have been talking about so extensively in this Issue. I am open for further suggestions to finally find a service that works well, supports anonymous donations and does enable a fair funding for developers.

rappo commented 9 years ago

Hi all, I'm from Bountysource.com and was sent here to publicly respond to a few questions from @SecUpwN. As a note, I did not read the thread (yet) as there's a lot to it and I wanted to get a reply right away. Here are the questions sent to support@bountysource.com with my answers:

Is there a way to donate anonymously?

All payments require a Bountysource account. Paypal transactions are also tied to your Paypal account for obvious reasons. BTC payments are processed by Coinbase and may also be tied to your Coinbase account (if you have/use one). We have discussed possible BTC donations that don't require a Bountysource account, but this is not a high priority and may never happen.

Is Bountysource good for whistleblowers?

I'm not sure exactly how to answer this. The members of the Bountysource team are supporters of open-source, advocates for privacy, and love crypto-currency. That said, we do everything within the confines of the law and have built a legitimate business. If there are laws in place that allow us to help protect whistleblowers, we will take advantage of that. If a situation came up, my first reaction would be to reach out to an organization like the EFF for guidance. Maybe if you had a more specific question I could better answer.

Can people also donate money via PayPal?

Yes, definitely! Paypal and BTC are accepted for bounties and team contributions. Paypal and Credit Card are accepted for our new sustained-funding feature, Salt (see https://salt.bountysource.com/teams/neovim for an example)

Would you please add Dark Coin to your options?

Honestly, this is unlikely. We've only had a couple requests for Darkcoin and the implementation cost of adding it would not be something we can handle at the moment. Add to it the fact that BTC makes up a small portion of our revenue compared to Paypal, and there's little incentive for us to do it. We do use Coinbase as our BTC payment processor -- if they were to add features that allowed us to accept altcoins easily, I would certainly consider it.

DimaKoz commented 9 years ago

via PayPal https://developer.paypal.com/docs/classic/mobile/ht_mpl-itemPayment-Android/

I can try to add a Pay with PayPal button in our app. It is interesting to implement. What are your decisions?

ghost commented 9 years ago

Donations would definitely bring more devs and give people more incentive to code on project.

SecUpwN commented 9 years ago

Thank you so much for replying on my questions, @rappo! I see that Bountysource is a great platform, but do I have to open up a PayPal account for it? PayPal requires a bank verification and since I all about staying anonymous (since we're coding a tool to detect heavy technology of the state), I am not sure I can sign up for your service without giving up my anonymity. Which other possibilities do I have?

Donations would definitely bring more devs and give people more incentive to code on project.

That is one of the main reasons I consider this Issue so important. I feel guilty when people add code, invest time and get pissed when not getting anything back other than our APK + more coding requests.

I can try to add a Pay with PayPal button in our app.

Please don't do so. We have to agree on a service here first, then we can discuss the right button.

DimaKoz commented 9 years ago

Just as an idea, I can offer to implement a simple application for donations through Google Play. For most users, android payment through it will not cause difficulties. For example, you can see here: https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en https://play.google.com/store/apps/details?id=eu.chainfire.supersu.pro&hl=en

SecUpwN commented 9 years ago

Just as an idea, I can offer to implement a simple application for donations through Google Play.

Thanks for the neat idea, maybe something we can also consider for #202. But donating should not be only possible via one service. Furthermore, I am really still not sure if I want our app to be on GooglePlay since we are standing strong against it. I really want everyone to be able to donate via numerous ways.

DimaKoz commented 9 years ago

Google does not make a lot of things, very long time, including a fix their bugs, unfortunately. Do not use Google market, we are losing a lot of users. On the other side the application on Google Play should not have other methods of payment other than only through Google Play. Therefore, if you decide to get a huge market for our application, we will have the following problem. We will need to maintain two versions of the actual build of the application:

As SecUpwN said:

PayPal requires a bank verification and since I all about staying anonymous

Authorize necessary in most systems to obtain money (except maybe Bitcoin)

E3V3A commented 9 years ago

I think what Sec said, is that we've been thinking to provide an AIMSICD wrapper/downloader on GP. That way we will be both present there, and people can still download our app (using the downloader standalone) and donate, all without actually having our latest built apps messed up by Google spyware bloat etc.

SecUpwN commented 9 years ago

@DimaKoz, have you had a look at Bountysource yet? I am specifically looking for something like that, a service that is able to make people vote and donate on Issues. They also offer a browser extension, that way people can support developers during their usual GitHub use and show us what to prioritize next.

The only thing I am currently having a problem with, is that it seems that I have to reveal my real identity. How can I protect my identity after I have signed up with your service, @rappo? Anonymous donations?

SecUpwN commented 9 years ago

@andr3jx, @He3556, @DimaKoz and @E3V3A, check this out: Bountysource

The neat thing is that I can enable Bountysource to automatically modify the title and footer of our Issues to display the amount of a bounty that may be available for an Issue. The developers who fixed the Issue automatically get the split amount of the bounty - if you fixed it yourself, you get the whole bounty!

I am currently testing it and am playing with the idea of replacing one of those buttons from our About page with the link to our donation page. Please have a look at Bountysource, everyone. I want this important Issue to be solved properly, thus encouraging high-quality coders to continue adding their code to our app. Let me know when I shall craft a public announcement on Twitter that we use it. Or, if you really don't like Bountysource, tell me the reasons here and lets continue finding another service.

UPDATE: I have just added the public badge with https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/commit/c2036058ca2d61f88d3610dee2e5c7efe4197b68 and updated our WIKI. Issue solved?

E3V3A commented 9 years ago

Great initiative! We need this.

SecUpwN commented 9 years ago

Great initiative! We need this.

Thanks. I consider this Issue as solved now and will publicly announce this via Twitter.