Hacker News new | past | comments | ask | show | jobs | submit login
Mozilla accepting Bitcoin donations (sendto.mozilla.org)
221 points by kang on Nov 26, 2014 | hide | past | web | favorite | 74 comments

A little offtopic, has any of the major Bitcoin heists been traced to spending yet? Would be funny to see a portion contribute to a project like this. Especially in the case of Silk Road where no one can really come forward and claim their bitcoin..

I don't think there's any good reason to speculate wildly about the interests of a smallish segment of the market.

Sorry, was this a reply to the wrong comment? Can you expand?

Sure. Thank you for asking. No, it was directly addressing speculative conversation.

I'm aware this might be a contentious statement, but frankly I'm tired of the same old conversations about the value of Bitcoin compared to traditional fiat. I much more appreciate conversations about the value of the technology behind the blockchain, and the challenges we can surmount wielding it.

Conversations that incite conflict, including (perhaps) your original comment, make me bored and sad when I think about how people approach and understand crypto currencies. As the 'technical luminaries' for the the less technical in the world, I think we owe it to ourselves to not incite FUD here in this forum and then carry it out with us into the world.

It's the holidays as well, so it's a time when families gather and tell stories. If we are having a good time bashing on Bitcoin value or relating it to some two bit drug market that the FBI knocked down, we aren't educating on it's value. You are just catering to the fear that is always present with new technologies.

Anyway, you are allowed your own thoughts regarding the matter. I apologize if I came off overly aggressive about it. It's important to me!

My comment was out of genuine curiosity. I agree they're not of much technical value and for HN it's closer to "trash" material, however I don't see why we must limit our comments to purely technical concepts.

I find the events surrounding Bitcoin, specifically the criminal aspects fascinating. I mean come on, who doesn't love a good heist? Especially one that's been committed anonymously and thus far turned up completely untraceable. No, the content of the discussion generally isn't very intellectual, however it does incite and bring about thought-provoking and technically interesting arguments.

I never really put forth my thoughts on anything relating to Bitcoin when I posted that comment. I was merely asking if there'd been work done around tracing Bitcoin theft.. I don't think I'm inciting FUD whilst asking a question. I understand that the talk of crime and theft in Bitcoin could become tiresome for you and other technically and academically interested parties, however my fascination with such topics isn't limited to Bitcoin. I just don't think you should accuse me of speculation or inciting FUD when all I posed was a question.

Also to be fair, I had labelled my comment offtopic.

Contributed to Mozilla for the first time ever with Bitcoin. Very fast/easy.

Okay honest question: How did you get bitcoins? I've looked around and my options seem to be to give my CC number to a shady website or to meet someone in person and give them cash. Is there really no safe-sounding option?

Have you tried Circle? They're funded with over $17 million [1], so I don't think they qualify as shady, and I'm pretty sure they let you buy with a credit card.

[1] edit. Double checked and the looks like it's $17 million: http://techcrunch.com/2014/03/26/bitcoin-gets-another-boost-...

Completely free with ACH purchases.

Coinbase supports ACH transfers. They're hardly anything I would call a "shady" website.

They're also backed by ycombinator and Andreessen Horowitz.


weren't they the ones not fulfilling orders when the value of bitcoins fluctuated "too much"...

We've never canceled orders due to price changes.

You can tell that this is a carefully rehearsed PR account since the issues at Coinbase never was about "cancelled orders". That's a very literal and lawyerly rebuttal of Istof's comment. A trustworthy human being would have known exactly what events Istof was referring to, and answered that accusation rather than trying to hide behind semantics.

The issue at Coinbase ( https://news.ycombinator.com/item?id=6932224 ) was them taking weeks to fulfil orders, while sitting on your money, during which time the price of bitcoin was fluctuating wildly, and then processing them at the original bitcoin price, rather than the current (lower) price. End result is the customer getter far fewer bitcoins than the current market rate and accusations that Coinbase was pocketing the difference.

One of the submissions about it: https://news.ycombinator.com/item?id=6929705 Note that it took considerable pressure from the HN community (and possibly YC) before Coinbase even refunded the guys losses. They wanted to just give him a token $50 worth of bitcoins, when the profit Coinbase had made from delaying the transaction was more like $12k.

This wasn't a one off either, there were other stories on HN ( e.g. https://news.ycombinator.com/item?id=6933360 ) and threads full of people on /r/bitcoin detailing similar experiences. Nobody could get their money out or get any reply from the company and for a while it looked like it was another mt.gox. There was a total failure of support and communication.

Hi, my name is Craig. I'm a real engineer. The reason I answer things this way is because I haven't actually been given explicit permission to respond to these kinds of things on behalf of the company, and I never want to open a can of worms by saying more than I should or than is necessary. So, you are wrong. This is definitely the real me here.

You are also wrong about the issue. What you are referencing is a specific time about a year ago. Note that all the posts you reference are exactly 343 days ago. Those issues have long been resolved on both individual and general scales. To bring them up now as if they are current issues is dishonest. We had one support person and a ticket queue of 8,000 items in the middle of a massive bubble and pop. That is why support "went dark". It took weeks to respond because it was not humanly possible to respond faster. We were working night and day. Now we have a team of 40 support with live chat, so it won't happen again.

The more common criticism we receive, and the one I was responding to, is the notion that we cancel orders due to "high risk" as an excuse when the price goes up (not down), because the coin is now more valuable and we'd profit by keeping it ourselves. That's just not how we work, and we have never done that. (It is never noted that we cancel as many transactions due to high risk when the price goes down, with the effect of actually saving false-positive users money they otherwise would have lost.) If you do not think this is our biggest criticism, or if you think the ones you referenced are still relevant, then you do not know enough about Coinbase to be making the claims that you are.

that may be true, but that time was the only time that I tried to purchase Bitcoins online with USD... I ended up using some local options

They had their growing pains to be sure, but I'd still say they're the best if you have a USA bank account.

I found Coinbase quite painless.

I accept them for services provided over the internet. So far, math tutoring. I spend them on services that accept bitcoins. So far, VPN, Julian Assange's book, a few Amazon books through gyft.com, and a couple of meals at local restaurants.

Seeing your question here and the answers it's getting, sometimes I feel like I'm the only one treating bitcoins like a currency instead of a commodity.

If you're in Europe, you can do a SEPA transfer to someone on localbitcoins - you don't have to meet in person.

1) Bitcoin ATM

2) Any reputable exchange (Bitstamp, Coinbase)

3) LocalBitcoins


When you hit the "Donate" link, it asks you for your email addy. IANAL, but why not accept anonymous donations?

Probably the same reason Wikimedia doesn't: IRS guidance on accepting donations of property (which is what they treat bitcoins as). The safe thing for a 501(c)3 to do is take details.

When Coinbase gives the option to donate directly to a Bitcoin address, "1GnkMmEjTHHrw8BaWzBxEzuNweUwhmwGrg" in this case, is that a wallet Mozilla owns?

It looks like a new address is generated for each transaction.

Oh, good to know. I wish we knew Mozilla's permanent Bitcoin address.

No one has a single "permanent" Bitcoin address.

A Bitcoin address is just an identifier (cryptographic hash) of a public key in a keypair. For every transaction you do, you can create a new one. It's also possible to publish one publicly, as an address to anonymously send donations to, which can also make it easier for the public to track how many donations have gone to that address, but for most purposes, you create one per transaction, so you can keep track of how much has been spent in that transaction.

Any time you send Bitcoins, the way it works is that it sends the portion you specify to the given address, and generates a new keypair for yourself to send the change back to an address you control.

So, unless you just happen to leave a single address published publicly as your donation address, you don't have a permanent address. If you want to collect any additional information associated with a transaction; an email address to send thanks (or hit up for donations later), information to collect for tax purposes, etc, you just create a new keypair and thus new address for that transaction.

I have a single, permanent Bitcoin address (1jb55g498MEa274Z1YWUXQFxZE5NzvhV7). I don't pretend Bitcoin is anonymous and I always set my change address to go back to the inputs.

I understand the risks of how the address inputs and outputs as probabilistically tied to my identity. If I cared about those things I probably use stealth addresses and dark wallet or something.

So, that "single permanent address" can work fine if you're just looking for donations, or doing transactions with people you trust.

If you're doing any kind of transactions in volume, it's much easier to just give each customer a unique address to send to, so you can verify that you've been paid when the right amount has been transferred to that address. That way you don't have any confusion of who has actually paid you if two people owe you similar amounts at the same time, and you see a transaction come in of that amount.

So yes, it's possible to pick one address as your "single permanent address", but it's not something that's expected or common.

There are also cryptographic risks associated with reusing an address, not just identity risks. The address is a hash of your public key. You don't have to reveal the public key matching the address until you spend from the address. When the public key is secret, your address is safe even from hypothetical attacks on Bitcoin's crypto implementation. Once you spend from the address, the public key is public knowledge and that extra protection is lost.


I think if someone can hack my wallet from a public key we have bigger problems

You just contradicted yourself, which is misleading. You started off by saying:

> No one has a single "permanent" Bitcoin address.

And then you finished with:

>So, unless you just happen to leave a single address published publicly as your donation address, you don't have a permanent address.

So yes, you can arbitrarily pick one address of yours to share publicly and keep permanent.

But there is nothing in the protocol or any of the default clients that gives anyone a distinguished "permanent address". So saying "I wish we knew Mozilla's permanent Bitcoin address" indicates that such a thing is expected, when in reality any one address that an entity has is a good as any other, and addresses are generally intended to be ephemeral and single use.

I don't think that's how it works. From my understanding, a new address is typically used for every new transaction. What you are interested in is their wallet which would be the sum of their addresses.

On the other hand, it appears that they are using Coinbase. In that case I'm not sure Mozilla would have direct access to a wallet. Instead I imagine that Coinbase keeps track of their balance which is divided among Coinbase's wallets (sort of like a bank). I'm not too well versed however, so maybe someone else can clear this up.

You can use your Coinbase wallet in a variety of ways, including having it build a cart and payment address for you for each transaction or simply using a single address for receiving multiple ongoing payments. The address will be permanently assigned to your Coinbase account once you create it.

Here's some Python code for creating addresses on Coinbase, if anyone is interested in how it works: https://github.com/StackMonkey/utter-va/blob/master/webapp/l...

That said, I don't think there is a way to get the private keys for these addresses so you can use them on your own wallet software. Not that you would want to, given Coinbase is currently holding (and aware) of said addresses keys.

> I don't think that's how it works. From my understanding, a new address is typically used for every new transaction. What you are interested in is their wallet which would be the sum of their addresses.

Single address can be used as an output of many transactions. There is nothing preventing it in the protocol. More - it's a "natural" thing. Generation of address per transaction is a very convenient but not enforced by anything.

An address can receive multiple payments, but the most likely use case from that is mining output, or recurring payments from the same sender.

A wallet owner is able to generate new addresses at any time, and generally does so in order to verify that a payment is coming in for a specific transaction. For example, a Bitcoin ATM operator wouldn't generate a payment address until a patron is standing at the kiosk. As soon as a transaction is verified, the machine would dispense whatever amount of money and future payments to that address would probably be ignored.

You are right that Mozilla probably isn't even operating a bitcoin wallet in this case. They are probably just getting USD from Coinbase.

Correct. Bitcoin addresses are more like invoice numbers than account numbers. You're expected to use a different one for each transaction so that you can tell them apart.

Bitcoin is less secure when addresses are reused, it is not intended to be used that way.

I agree with the idea that address reuse is risky, but was that idea a common understanding when Bitcoin was first created? Is it to be found in the original paper? Or is it more of a realization or concern that's developed over time?

I was unaware until I recently tried to use bitcoin again, in fact I originally thought reuse was fine. It was very common for people to put a btc address as a signature in forums.

Perhaps the documentation was improved. I don't know if it was in the original paper.

They might be automatically converting to USD and giving that to Mozilla.

No transaction was found to this address: https://blockchain.info/address/1GnkMmEjTHHrw8BaWzBxEzuNweUw...

Especially considering the Eich kerfuffle, you think Mozilla would appreciate anonymous donations so this sort of thing won't be a distraction from their goals:


EDIT: Why the downvotes? The biggest Mozilla news of the year hinges on the issue of donation privacy/transparency. Seems extremely pertinent to me.

To me this is not an intuitive leap (and does appear off-topic at first blush), but on further rumination does indeed present an important insight into the root cause of the Eich debacle.

is anyone else seeing a broken image in the middle where I assume what should be the "pay with bitcoin" button is?


Seeing the same here, links to an asset on CoinBase.


It looks like Coinbase's CDN uses unique identifiers for static assets to prevent caching, and the one Mozilla used for that image is out of date.

Broken: https://coinbase.com/assets/buttons/donation_large-36ee93618...

Working: https://coinbase.com/assets/buttons/donation_large.png

Ugh. Thanks, will get folks to look at what happened.

Thanks for the heads up. It seems Mozilla were hotlinking directly to our digested button image URLs, which recently changed.

We're reverting to the old images now to fix this issue.

No Dogecoin? Requires an email address? Why not just post a BTC and/or Doge address and be done with it?

I thought bitcoin was meant to avoid such things. It seems like using bitmessage to send someone your email address.

I would hope Mozilla's ethics prevent them from promoting scams by accepting Dogecoin.

They're already accepting scams like bitcoin, why not accept the crytpocurrency that doesn't try to pretend it isn't a joke

Not on the main donation page. If it's hidden away in a nook it doesn't count.

When Wikimedia started accepting Bitcoin, I was utterly unsurprised that the very first reaction from Bitcoiners was to complain about how WMF was doing it. You'd almost think their interest was in promoting Bitcoin rather than in donating to the charity in question.

No, seriously.

Bitcoin users donate more to causes. Why would they require a separate Google search just to donate in a widely used currency? What's the point of creating a separate page? It's simply bad practice.

It seems to me you just want to jump on a soap box. Go blog about it. But when I want to donate to something I go to the website and click 'Donate' and I USE THE OPTIONS THERE...

> Bitcoin users donate more to causes.

No evidence of this.

> Why would they require a separate Google search just to donate in a widely used currency?

It's not "widely used" for any fair definition of the term, it's an upcoming niche at best.

> But when I want to donate to something I go to the website and click 'Donate' and I USE THE OPTIONS THERE...

Fair enough. It's really up to you to decide what's more important, donating to the cause or bitcoin evangelism; if you're more concerned with the former rather than the latter, it shouldn't matter where the bitcoin option is located so long as you can use it to make your contribution.

This is what I mean. This isn't a debate and I've no interest in your lack of research and bad arguments.

Mozilla says they accept Bitcoin and has A page for it. But beyond this single story, people are never going to see it. If they started accepting feces and didn't put it on the donation page I'd still say it doesn't count.

If you want to rant about Bitcoin and act like you're on some sort of higher ground because you don't care about what currencies are accepted, blog about it. I don't care. It has nothing to do with my point.

> This isn't a debate and I've no interest in your lack of research and bad arguments.

This is a common tactic used by individuals with no evidence to support their claim. Rather than substantiate your claim that "bitcoin users donate more to causes" or provide numbers to explain your subjective assertion that bitcoin is a "widely used currency", you shift the onus on me to provide evidence for statements made by yourself. Its your responsibility to support your own claims, not mine.

> Mozilla says they accept Bitcoin and has A page for it. But beyond this single story, people are never going to see it.


> people are never going to see it.

Don't you understand that nobody cares about that except bitcoin evangelists. The bitcoin donation page is functioning as intended, anybody who cares about supporting the Mozilla foundation has the option to donate funds using fiat or bitcoin. If your only complaint is related to the visibility of the bitcoin donation option, then it's pretty obvious to everyone that all you're really after is publicity for bitcoin.

> If you want to rant about Bitcoin and act like you're on some sort of higher ground because you don't care about what currencies are accepted

What's with the persecution complex? "Not caring which currencies are accepted" doesn't mean I feel like I'm on "higher ground", it literally means what the sentence says: I don't care, and nobody else does except people who have a bitcoin promotion agenda.

> nobody cares about that except bitcoin evangelists

I haven't evangelized anything. I said Mozilla does NOT accept Bitcoin though their donation page. Get over yourself.

> Mozilla does NOT accept Bitcoin though their donation page.



What part of the title "Mozilla accepting Bitcoin donations" is false then?

Go to Mozilla.org and get to their donation page from there. No bitcoin.

I'm curious why Mozilla needs contributions.

Previously they were getting $300M a year from Google and they were required to spend that every year, from what I've been told from employees that I know. Everything I've heard from them is that Mozilla is a very wasteful company. They spend a bunch of money on things like boondoggles to Europe for the staff, apartments in Paris that anyone can book, employees sitting around with almost no work to do, etc. They also have really lucrative bonuses (>40%/yr) for employees that push salaries over $200k for senior engineers, so I'm just wondering why they even bother with donations? I'm assuming that their contract with Yahoo is even more lucrative than $300M/year, so they must have a lot of money to spend, why worry about donations that might only reach a small percentage of that?

Major points: donations are used for projects working on things like web literacy, rather than on large engineering projects like Firefox. The more Mozilla get from donations, the less dependent on Google/Yahoo they have to be and thus they can be more independent - even fairly small absolute amounts will 'push the needle' here.

Minor point: I strongly contest that Mozilla is a wasteful company - salaries are low by large-tech-firm standards and spending (on travel, equipment, etc.) is fairly frugal. I have never heard of employees having almost work to do - it is nearly always the opposite. Travel is nearly always for coordinated team work since many employees and volunteers work remotely. For a (relatively) small budget, Mozilla produce an awful lot of results - the entire company is run on vastly less than the marketing budget (!) for Chrome, for example (sorry, can't find a source though).

The "marketing budget for Chrome" is something thrown around internally at Mozilla, but that number was pulled out of calculations on how much it would cost somebody else to advertise Chrome that google does on its own properties. Google does not have to charge itself to advertise itself.

They have to give up the revenue advertising for someone else, to advertise for themselves.

In theory; in practice most of the places where Chrome is advertised they wouldn't advertise a third-party product. (Like on the Google search engine homepage, for instance.) That said, I suppose they could be advertising a different internal product there, so there's certainly an opportunity cost regardless.

<disclaimer>I'm a Moco employee</disclaimer> I don't know who told you that Mozilla was required to spend all $300M each year, but looking at the financial from past years will show you that it's not that clear (https://www.mozilla.org/en-US/foundation/annualreport/2013/) The apartment in Paris is actually a way to spend less compared to sending people that visit the Paris office to hotels. Bonuses are not >40%/yr, this is the absolute maximum, and it has never been 40% per year in the last 4 years. It's true that compensation at Mozilla is good, but you need that to be competitive on the job market.

Donations are important for the Mozilla Foundation to keep a non-profit status. The Yahoo! deal is a Mozilla Corporation deal, so that's a different story (Mo Corp pay taxes like any company).

Yep, they have already went through one IRS audit because too much of their income was concentrated on too few sources (makes it look like a front set up by those sources for tax purposes). See https://en.wikipedia.org/wiki/Mozilla_Corporation#IRS_audit for example.

(Disclaimer: not a MoCo/MoFo employee)

Have the terms of the agreement between Google and Mozilla been made public regarding that? Were they limited to what they could spend that money on?

AFAIK donations go to mozilla foundation. mozilla corporation cannot fund mozilla foundation, so the foundation works solely on donations.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact