bitcoin donations via BitPay don't work properly for tor users (BitPay uses Cloudflare)

steps to reproduce:

opened https://www.torproject.org clicked on Donate clicked on "Other Ways to Donate" entered amount to donate clicked on the "bitcoin donate now" button solve 3 captchas finally ended up on https://bitpay.com/checkout

That page says: " Oops... that page doesn't exist! If it seems like there should be something here, please let us know. "

https://lists.torproject.org/pipermail/tor-talk/2016-April/040750.html

BitPay will not disable CAPTCHA for tor users trying to donate to the torproject:

To answer your question: "would you be willing to disable CAPTCHAs for Tor users to make donations work out of the box? "

This was my first request to BitPay management. The answer was no. I then asked if we could offer a payment button that worked through Cloudflare and the answer was "not at this time".

I am very sorry to bring you this news. This issue is also very important to me personally. I think people should be able to donate bitcoin to the Tor Project from the Tor Browser without jumping through hoops, but this is the state of things at the moment.

added cloudflare component::webpages/website mitm owner::Sebastian parent::27132 priority::medium resolution::user disappeared severity::normal status::closed type::defect labels

Trac:
Component: - Select a component to User Experience/Website
Owner: N/A to Sebastian

Yikes! It's despicable that torproject is using bitpay! This is wrong on so many levels.

1. bitpay.com is insecure by design, MitM'd by CloudFlare.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835

2. CloudFlare is the most damaging adversary to the Tor community. It's an embarrassment that Torproject is willing to patronize a CloudFlare patron, while at the same time putting Tor users at risk to having their money jacked. Tor is supposed to improve security, not damage security.

Possible fixes:

• Dump bitpay immediately.

Unreasonable fixes:

• Fixing the bitpay transactions so that the Tor community sponsors their adversary and remains exposed to MitMs.

WTF!

Now that Bruce Schneier is on the board (welcome, Mr. Schneier), we expect a solid solution to this ticket that shows that our own house is in order.

What's the point in using bitpay in the first place?

Torproject should have it's own wallet, and that wallet should be offline, or at least not in the cloud. Torproject could simply publish the bitcoin address on the webpage.

Replying to cypherpunks:

What's the point in using bitpay in the first place?

Torproject should have it's own wallet, and that wallet should be offline, or at least not in the cloud. Torproject could simply publish the bitcoin address on the webpage.

It's hard for Tor to pass audit requirements and accept bitcoin. Immediate conversion to US dollars is one way of achieving this outcome.

But I agree, we could switch to another provider that allows donors to donate bitcoin, and pays out in US dollars (and doesn't use CloudFlare, or otherwise block Tor).

Do you know of any?

Tough question. A vast majority of btc exchangers are CloudFlare.

Another problem with the donation mechanism is that it gives a margin to bitpay and donors are not told up front. A bitcoin donor would expect 100% of their btc to go to torproject, which torproject could then store and spend directly as needed.

Perhaps whaleclub.co can simulate the effect of storing bitcoin. Whaleclub is a broker that only accepts bitcoin deposits and bitcoin withdrawals, and doesn't use any CDN (so no MitM). A btc contribution could be immediately converted to USD, gold, or stock, and be stored as such. Then when torproject needs to spend bitcoin, they could convert the USD or whatever back into bitcoin the moment spending it is needed. Does this help?

A few other bitcoin sites that don't use CF:

FXChoice, TradersWay, 796.com

796.com uses Incapsula as a CDN.

xCFD: I hesitate to mention them, because they outsource the btc->usd conversion to gocoin.com, and gocoin.com is a cloudflare site. Cloudflare seems to be bypassed by xCFD. But in any case, it's still not good to feed a CF site so xCFD should be a last option.

I'm not necessarily endorsing these sites as I don't use them, but they should be examined. I suggest starting with Whaleclub, FXChoice, and TradersWay.

Possible Whaleclub+bitsquare approach

BTC donations immediately deposited and converted to USD (for example). Since it's stored as fiat money and accounted as such. Assuming that satisfies audit requirements, it can be stored that way. Then to get the money out, you must have staff who would accept part of their paychecks in btc, so you trade USD for BTC and direct the btc to staff wallets.

Alternatively, the bleeding-edge option is to use (very Tor-friendly) bitsquare (a decentralized p2p btc platform). It's still experimental, but when it's in full swing torproject could offer btc sale orders on it. When someone accepts, torproject could convert the USD to btc on whaleclub, withdraw, and push it straight to the bitsquare txn.

The Bitsquare platform is designed specifically for Tor, and thus promotes Tor. So Torproject should reciprocate. Particularly when most bitcoin exchangers (incl. bitpay) piss on Tor users.

This is not really a website ticket, instead it should be brought up with the execdir. The website only reflects what Tor as an org is supporting atm. I'm sorry I don't have a better solution for you

Trac:
Resolution: N/A to invalid
Status: new to closed

#24351

Trac:
Status: closed to reopened
Resolution: invalid to N/A

Trac:
Keywords: N/A deleted, cloudflare mitm added

Trac:
Parent: N/A to #27132 (moved)

Does anyone know whether this is still an issue?

Trac:
Cc: N/A to sstevenson

Closing this until I hear it's still an issue

Trac:
Status: reopened to closed
Resolution: N/A to user disappeared

closed

moved to tpo/web/trac#18911 (closed)