Introducing Bitrated: Bitcoin Arbitration Marketplace


Posted by: DeepDotWeb

February 17, 2014

One of the most needed things in the DarkNetMarket scene is, without a doubt, more multisig-based services. A few days ago we were introduced to an open source and 100% free solution for arbitration services in bitcoin transactions using multisig. The service is called Bitrated and it can be accessed here:

Service Name:  Bitrated
Service Url: https://www.bitrated.com/

It turned out that we are more or less familiar with the creator of this service and we pretty much know that they are reliable, so we decided to do a short interview with them and try to cover most of the frequently asked questions about this type of service, in the hope that it can help reduce scamming. Enjoy:

How does it work? (2 way – 3 way)

Basically, multi-signature, when used for arbitration, works by creating a 2-of-3 multisig that the payment is deposited to. There are three parties involved – the buyer, the seller and the arbitrator. Two of those three have to cooperate in order to release the payment.

To give a more tangible example, let's say Bob wants to buy something from Alice, and they both trust Trent as an arbitrator that can mediate disputes. Bob deposits his payment to a 2-of-3 multisig address with the public keys of Bob, Alice and Trent. Alice can verify the payment was made and that the payment is “locked” in the multisig deposit, and ships the goods to Bob.

If Bob got the goods and he’s satisfied, he and Alice can be the 2-of-3 and release the payment from the multisig to Alice’s bitcoin address. In case of dispute, they both contact Trent and explain what happened. Then, either Bob+Trent can sign a transaction that issues a refund to Bob, or Alice+Trent can sign a transaction that moves the funds to Alice.

The process on the website itself looks like this:

1. Bob goes to the “New transaction” page, enters the arbitrator (either a username of a registered arbitrator, or any public key) and the terms of the transaction (those are signed digitally by Bob and Alice, which later proves to Trent they both agreed to it)

2. Bob starts the transaction, and gets a link to share with Alice. When Alice enters, she confirms the arbitrator/terms by clicking “I agree”

3. Bob and Alice now see the transaction page with the multisig address, and Bob makes the payment.

4. Alice sees the payment was received (by checking the multisig balance) and ships the product.

5. At this point, Bob or Alice can create a transaction that releases the funds, and ask the other party to approve it. If they get into a dispute, they have a link they can share with Trent, where he can be the 2nd party that approves transactions.
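The 2-of-3 deposit described in this answer, as an added example that is not part of the interview and is not Bitrated's code: it builds the script a multisig address commits to and runs the check each party would want before trusting the deposit. It assumes the standard Bitcoin multisig script layout; the function names are hypothetical and the keys are constructed placeholders.

```javascript
// Added example. Assumes the standard Bitcoin multisig script layout:
//   OP_m <pubkey>... OP_n OP_CHECKMULTISIG
const OP_CHECKMULTISIG = 0xae;
const opN = (n) => 0x50 + n; // OP_1..OP_16 encode as 0x51..0x60

// Constructed placeholder keys (33 bytes, compressed-key shaped, not real curve points).
const fakeKey = (fill) => Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32, fill)]);
const BOB = fakeKey(0x11), ALICE = fakeKey(0x22), TRENT = fakeKey(0x33);

function buildRedeemScript(m, pubkeys) {
  const parts = [Buffer.from([opN(m)])];
  for (const pk of pubkeys) parts.push(Buffer.from([pk.length]), pk); // push opcode = length
  parts.push(Buffer.from([opN(pubkeys.length), OP_CHECKMULTISIG]));
  return Buffer.concat(parts);
}

function parseRedeemScript(script) {
  let i = 0;
  const m = script[i++] - 0x50;
  const keys = [];
  while (script[i] === 33 || script[i] === 65) { // compressed or uncompressed key push
    const len = script[i++];
    if (i + len > script.length) throw new Error('truncated key push');
    keys.push(script.subarray(i, i + len));
    i += len;
  }
  const n = script[i++] - 0x50;
  if (script[i++] !== OP_CHECKMULTISIG || i !== script.length) throw new Error('not a multisig script');
  if (n !== keys.length || m < 1 || m > n) throw new Error('inconsistent m-of-n');
  return { m, n, keys };
}

// Check each party runs before trusting the deposit: the policy is exactly
// 2-of-3 and the key set is exactly the three keys the parties exchanged.
function verifyEscrowScript(script, expectedKeys) {
  let parsed;
  try { parsed = parseRedeemScript(script); } catch (e) { return { ok: false, reason: e.message }; }
  if (parsed.m !== 2 || parsed.n !== 3) return { ok: false, reason: `policy is ${parsed.m}-of-${parsed.n}` };
  const hex = (ks) => ks.map((k) => k.toString('hex')).sort().join(',');
  if (hex(parsed.keys) !== hex(expectedKeys)) return { ok: false, reason: 'key set mismatch' };
  return { ok: true, reason: '2-of-3 over the expected keys' };
}

console.log(verifyEscrowScript(buildRedeemScript(2, [BOB, ALICE, TRENT]), [BOB, ALICE, TRENT]));
console.log(verifyEscrowScript(buildRedeemScript(1, [BOB, ALICE, TRENT]), [BOB, ALICE, TRENT]));
```

A 1-of-3 script over the same three keys would let any single party move the funds, which is why the check pins both the threshold and the key set.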

How can it be used anonymously?

Bitrated does not require an account or even an email address from buyers/sellers. The only details users provide are the terms of the transaction, which aren’t uploaded to the server and only shared via the URL the parties send to each other.

Arbitrators can optionally sign up to have a public profile listed on the website, but they don’t have to. They can simply provide their public key to the buyer/seller and have them use it.

I saw you mentioned in one of our previous mails that it is based *mostly* on client side, can you elaborate on this?

Bitrated was built with a very strong security/privacy model. Almost everything happens client-side, with the server not being involved unless it’s 100% necessary. Private keys are created and used client side, transactions are constructed and signed client-side and the transaction data, including the terms, is only saved as part of the URL each party has and isn’t stored on the server at all.

The server is only involved in order to enable communication between clients. It’s impossible to communicate between browsers directly, so a WebSocket server is used to send information between connected clients. The data that is sent via the server isn’t considered sensitive – just the public key of the party joining the transaction and the partially-signed transaction request. Both of those are sent immediately to the other clients and discarded, with no permanent copy being saved. (In the future, we plan to encrypt that end-to-end too.)

Elaborate on how you don’t touch the private keys and how it can be verified?

Private keys are created and used client-side, and are never transmitted to the server. Each party gets a URL with his own private key embedded in the hash portion of the URL (after the “#”, which is not part of the HTTP request).

Bitrated is open-source software that can be audited by anyone. It can be independently verified that the client-side code never sends sensitive information to the server, and it can be verified that the source served by the webserver matches the code on Github.

In the future, we plan to provide a browser extension that does this automatically and ensures that the code coming from bitrated.com matches the code published on Github.

Is there a possibility for the arbitrator to collect some fee? 

Fees are possible, but not currently handled specifically in Bitrated. There are basically two fee structures that I see people using:

  1. Fees for every transaction, which is the common model today. In this case, it should be paid as a separate transaction, before starting the multisig. The arbitrator should simply refuse to handle disputes where the fee wasn’t paid in advance.
  2. Fees for disputed transactions only. Because the arbitrator doesn’t have to do anything when there’s no dispute, some of them choose to only charge for disputes. In this case, it can be paid from the multisig balance, where the arbitrator will simply refuse to sign transactions without his fees. Bitrated’s interface can be used to create a transaction sending some percentage of the balance as fees to the arbitrator, and the rest to the winning party.

Most people using Tor markets try to avoid using JS, and your service is based on JS, how can this work together?

I would be very careful about running Java and Flash, but I think JS is relatively safe to execute. Most of the web doesn’t function properly without JavaScript, and it’s necessary for a service like Bitrated that relies heavily on client-side technology. Also, it’s open source and can be verified to not contain malicious code.

Who provides the arbitration?

Bitrated doesn’t provide the arbitration services themselves – the goal is to create a marketplace for arbitration services. We allow arbitrators to sign up and offer their services for a fee, and let users choose which arbitrator they want to use.

Why not make an .onion domain for this service?

.onion is good for websites that want to conceal their identity. Bitrated is operated in the open and has a known owner (my name and my company’s name are listed in the About page), so I don’t think it’ll achieve much.

Feel free to try it out and contact the service admin directly at [email protected] if you have any issues, questions or suggestions for improvements.

We have also added this solution to the List of hidden marketplaces as a related service.

Updated: 2014-02-17