CANNON:
> tails-project@???
> tails-support-private@???
>
> Are some bitcoin donations going to an unintended address?
>
> I have noticed that whenever visiting the TAILS donation page https://tails.boum.org/donate/index.en.html?r=banner
> that it presents conflicting bitcoin addresses. Out of curious if my computer was compromised I did some digging into
> this to see why this was happening. I tested various browsers, virtual machines, exit nodes, browser versions etc...
>
> I think I might have found the pattern to re-produce this issue. If visiting that page when blocking scripts it loads
> the address starting with 3Q. But if scripts are not blocked in the browser sometimes the address with 1B will load.
> It is usually every other time the page loads with no scripts blocked in the browser that this 1B address presents
> itself. Upon examining the source code it looks like the 1B address has an "ID" of tails-bitcoind and the 3Q address
> has an "ID" of riseuplab-coinbase.
>
> 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2
>
> 3QirvVRntoascPfTgNTUQvKxfKwPah5FNK
Hi Cannon,
Thanks for letting us know about your issue.
These 2 bitcoin addresses are valid and all go to Tails:
- tails-bitcoind: goes to a bitcoind client operated by our team.
- riseuplab-coinbase: goes to the US bank account that RiseupLabs
operates for us.
We send bitcoins to both addresses because we use them for different
things in the end. We control how frequently each address is being
displayed by some JavaScript on the page so we always have useful
amounts on both sides.
But it's very interesting to learn that you found this suspicious.
Do you have any idea on how to make it less suspicious will still
meeting our goals: have some very rough control on the fraction of
bitcoins that are sent to both addresses?
I thought about always displaying both on the donation page but making
the preferred one appear first and look bigger. See attachment.
Would this have prevented your confusion?
Can you think of other options?
--
sajolida