Opened 3 years ago

Last modified 2 weeks ago

#18911 reopened defect

bitcoin donations via BitPay don't work properly for tor users (BitPay uses Cloudflare)

Reported by: cypherpunks
Owned by: Sebastian
Priority: Medium
Milestone:
Component: Webpages/Website
Version:
Severity: Normal
Keywords: cloudflare mitm
Cc: sstevenson
Actual Points:
Parent ID: #27132
Points:
Reviewer:
Sponsor:


steps to reproduce:

clicked on Donate
clicked on "Other Ways to Donate"
entered amount to donate
clicked on the "bitcoin donate now" button
solve 3 captchas
finally ended up on

That page says:
Oops... that page doesn't exist!
If it seems like there should be something here, please let us know.

BitPay will not disable CAPTCHA for tor users trying to donate to the torproject:

To answer your question:
"would you be willing to disable CAPTCHAs for Tor users to make donations work out of the box? "

This was my first request to BitPay management. The answer was no. I then asked if we could offer a payment button that worked through Cloudflare and the answer was "not at this time".

I am very sorry to bring you this news. This issue is also very important to me personally. I think people should be able to donate bitcoin to the Tor Project from the Tor Browser without jumping through hoops, but this is the state of things at the moment.

Child Tickets

Change History (11)

comment:1 Changed 3 years ago by cypherpunks

Component: - Select a component → User Experience/Website
Owner: set to Sebastian

comment:2 Changed 3 years ago by cypherpunks

Yikes! It's despicable that torproject is using bitpay! This is wrong on so many levels.

1) is insecure by design, MitM'd by CloudFlare.

2) CloudFlare is the most damaging adversary to the Tor community. It's an embarrassment that Torproject is willing to patronize a CloudFlare patron, while at the same time putting Tor users at risk to having their money jacked. Tor is supposed to improve security, not damage security.

Possible fixes:

  • Dump bitpay immediately.

Unreasonable fixes:

  • Fixing the bitpay transactions so that the Tor community sponsors their adversary and remains exposed to MitMs.


Now that Bruce Schneier is on the board (welcome, Mr. Schneier), we expect a solid solution to this ticket that shows that our own house is in order.

comment:3 Changed 3 years ago by cypherpunks

What's the point in using bitpay in the first place?

Torproject should have its own wallet, and that wallet should be offline, or at least not in the cloud. Torproject could simply publish the bitcoin address on the webpage.

comment:4 in reply to: 3 Changed 3 years ago by teor

Replying to cypherpunks:

What's the point in using bitpay in the first place?

Torproject should have its own wallet, and that wallet should be offline, or at least not in the cloud. Torproject could simply publish the bitcoin address on the webpage.

It's hard for Tor to pass audit requirements and accept bitcoin.
Immediate conversion to US dollars is one way of achieving this outcome.

But I agree, we could switch to another provider that allows donors to donate bitcoin, and pays out in US dollars (and doesn't use CloudFlare, or otherwise block Tor).

Do you know of any?

comment:5 Changed 3 years ago by cypherpunks

Tough question. A vast majority of btc exchangers are CloudFlare.

Another problem with the donation mechanism is that it gives a margin to bitpay and donors are not told up front. A bitcoin donor would expect 100% of their btc to go to torproject, which torproject could then store and spend directly as needed.

Perhaps can simulate the effect of storing bitcoin. Whaleclub is a broker that only accepts bitcoin deposits and bitcoin withdrawals, and doesn't use any CDN (so no MitM). A btc contribution could be immediately converted to USD, gold, or stock, and be stored as such. Then when torproject needs to spend bitcoin, they could convert the USD or whatever back into bitcoin the moment spending it is needed. Does this help?

A few other bitcoin sites that don't use CF:

FXChoice, TradersWay, uses Incapsula as a CDN.

xCFD: I hesitate to mention them, because they outsource the btc->usd conversion to, and is a cloudflare site. Cloudflare seems to be bypassed by xCFD. But in any case, it's still not good to feed a CF site so xCFD should be a last option.

I'm not necessarily endorsing these sites as I don't use them, but they should be examined. I suggest starting with Whaleclub, FXChoice, and TradersWay.

comment:6 Changed 3 years ago by cypherpunks

*Possible Whaleclub+bitsquare approach*

BTC donations immediately deposited and converted to USD (for example). Since it's stored as fiat money and accounted as such. Assuming that satisfies audit requirements, it can be stored that way. Then to get the money out, you must have staff who would accept part of their paychecks in btc, so you trade USD for BTC and direct the btc to staff wallets.

Alternatively, the bleeding-edge option is to use (very Tor-friendly) bitsquare (a decentralized p2p btc platform). It's still experimental, but when it's in full swing torproject could offer btc sale orders on it. When someone accepts, torproject could convert the USD to btc on whaleclub, withdraw, and push it straight to the bitsquare txn.

The Bitsquare platform is designed specifically for Tor, and thus promotes Tor. So Torproject should reciprocate. Particularly when most bitcoin exchangers (incl. bitpay) piss on Tor users.

comment:7 Changed 3 years ago by Sebastian

Resolution: invalid
Status: new → closed

This is not really a website ticket; instead it should be brought up with the execdir. The website only reflects what Tor as an org is supporting atm. I'm sorry I don't have a better solution for you.

comment:8 Changed 12 months ago by cypherpunks

Resolution: invalid
Status: closed → reopened

comment:9 Changed 12 months ago by cypherpunks

Keywords: cloudflare mitm added

comment:10 Changed 9 months ago by traumschule

Parent ID: #27132

comment:11 Changed 2 weeks ago by pili

Cc: sstevenson added

Does anyone know whether this is still an issue?
