state of donations, new bitcoin address

[Brian Warner]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On behalf of the Tahoe-LAFS Software Foundation, I'm pleased to update
folks on the current state of our bitcoin donations, and to publish a
new donation address. Until recently, I was dreading making this update.
There's a story to tell :-).

We currently have 375.519076 BTC. There is another 3.97784278 BTC that
we expect to transfer in shortly.

# Episode 1: Attack Of The Coins

Peter (our boss back at AllMyData, where Tahoe originated) first
published a bitcoin donation address (13Grd..) to the wiki on August
21st, 2010, with an initial donation of 17 BTC ($1.19 at the time). The
address was updated a few days later (to 19jzB..).

In the first four months, we received 205 BTC. At the going price of
$0.24/BTC, this was worth $50. Our windfall would would buy us a couple
months of hosting, or some pizza, but not both. Since we didn't have any
particular plans for the funds, nobody really paid attention to them.

We continued to get an occasional donation: about one or two per month.
Each was for a small amount (in dollars). With the exception of two very
generous contributions ($617 in 2012, $432 in 2013), the mean value was
just $7, and the median was $3. The total value of all 74 donations
(2010 to the present) is $1568.07. I.e. if every donor bought BTC with
dollars from their pocket the moment before they made the donation, the
pockets gave up less than $1600.

Two and a half years passed, and the price of BTC grew by a factor of
100. In January of 2013, it was trading at $15/BTC, and we were sitting
on about $6000.

# Episode 2: Revenge of mkfs

And that's when we had some horrible news. I got a message from Peter,
who told me a sad story. The bitcoind wallet which held the private keys
was stored on a single laptop. A combination of errors resulted in that
laptop being erased and reformatted: miscommunication between the owners
of the laptop, lack of awareness of where the keys were held, and a
basic misperception of the value of those funds.

On January 29th 2013, we removed the donation key from the website to
discourage anybody from throwing further money into /dev/null.

Peter remembered making a few Time Machine backups of the drive in
question, but we didn't know where they were. One likely backup was
discovered to have been reformatted and filled with childrens cartoons.
The drives were imaged anyways, and I wrote forensic tools to scan the
unwritten sectors for bitcoind wallet-like values, but had no success.
Peter searched his house top to bottom, looking through over 50 hard
drives, trying to find the wallet.dat file. No luck.

Meanwhile, I prepared a new key, on an isolated machine, with no
machine-readable copies left lying around to be stolen. I distributed
hard copies, by hand, in sealed envelopes, to trusted backup custodians
on multiple continents. The plan was to write up a long (embarrasing)
blog post, announce the new key, explain how we would take more care
with it this time, and humbly apologize to those donors whose funds we
managed to lose.

However we never got around to publishing that key: I kept hoping we'd
find a recoverable backup somewhere, and we were all reluctant to admit
our mistakes. The embarrassment got worse as the price of BTC shot up
dramatically: at the peak (November 2013), it hit $1147/BTC, making this
a $430,000 accident. Ouch.

We managed to put the incident out of our collective minds for a few
years. Tahoe development continued on. Peter moved (twice). The price
dropped to its present (mostly-stable) value, about $410/BTC.

# Episode 3: A New Hope

But I'm glad to report the story has a happy ending. On 8-Jan-2016, I
got another message from Peter. Good news! He found a backup drive with
the private keys. In a moving box, buried underneath a pile of shoes.
Two houses later. I surveyed the custodians of the hand-delivered copies
of the key I prepared in 2013, and found that nobody could remember
where they put that envelope. Oh well.

I've created a new bitcoin key, following the same procedure, and
distributed it in a similar fashion. At least two copies are etched onto
stainless steel plates, in the hopes that the information might survive
a fire. And I'll be following up with the custodians to make sure they
keep track of the copies this time.

The new donation address, to which we have moved all the previous funds,
is:

  1PxiFvW1jyLM5T6Q1YhpkCLxUh3Fw8saF3

I've committed a file with a description of our donation key, how we
intend to use these funds (just hosting/registrar fees for now), and the
transparent accounting approach we plan to use, into the Tahoe source
tree, at:

 https://github.com/tahoe-lafs/tahoe-lafs/blob/master/docs/donations.rst

The file is signed by the Tahoe-LAFS GPG release-signing key. Potential
donors should check both properties (git commit and GPG signature)
before considering donating funds (the release-signing key is held only
by me, and checking in a file requires commit privileges).

# Advice For Others

Purely-digital currencies are exciting, but they stretch our human
intuitions about what qualifies as "valuable". We're used to wealth
having certain physical attributes: expensive things tend to be heavy,
shiny, intricate, fragile, pretty, or old. Even paper money has a
particular color, smell, and texture, and we're really good at tracking
it (quick: where is your wallet right now?).

But ECDSA private keys don't trigger the same protective instincts that
we'd apply to, say, a bar of gold. One sequence of 256 random bits looks
just as worthless as any other. And the cold hard unforgeability of
these keys means we can't rely upon other humans to get our money back
when we lose them.

Plus, we have no experience at all with things that grow in value by
four orders of magnitude, without any attention, in just three years.

So we have a cryptocurrency-tool UX task in front of us: to avoid
mistakes like the one we made, we must to either move these digital
assets into solid-feeling physical containers, or retrain our
perceptions to attach value to the key strings themselves.

One of the reasons I spent my weekend engraving secret words into metal
plates was to give them some heft: it's harder to treat something
carelessly when it feels solid in your hand. Maybe the next step is to
etch silver bars, or gold-electroplate some bricks ("heavy: check!
shiny: check! must be valuable"). Or write them on the back of a
classic-looking oil painting (old: check!), or on one of those mirrored
crystal orb sculptures you get at the mall (shiny+fragile: check!).
Anything to trigger our sense of "oh, I should keep track of this thing,
it's probably important".

But for now, I'm just relieved that Peter needed to look through those
shoes.

cheers,
 -Brian


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJW77GdAAoJEL3g0x1oZmp6FgoH/RmvNh/XYyw/hT66Kj8IEskQ
DOCky8i8lnEPfj949S4eDf2qDSsUVbpT870ixXP0quogmRUisTeQjtd/rS6Y8gaN
Wkn5z8GE+alfuAJkWxTHtaExASHFXCeiuJ5uMjEpKzbMb4xwO/FjJhz94XFrgZg7
RvndiQo/V8T5p0kyViSFOW4VHkq/p4QtS6QiKDPDDJdGWeZw3iLUhlrXlT1J+AKD
p3SfC41VFRXs4vvmonheXqJo9baJj391BKEHU1/EPOAKkXdNXQwvESqlTGSghug2
QB+lFiaCrr9oeQPeaYLx9EY5yer/vA7Z17LrmI9r44zuMX+UdkjrI5ubGxoIo+Y=
=q9+r
-----END PGP SIGNATURE-----