[Market Update] Sourcery New Features

We would like to announce new functionality implemented on Sourcery. We've done a couple of vendor specific features per request and added additional safety for buyers. A recap of our new features:

Signing Addresses for Multisig

In the spirit of keeping multisig safe and transparent, we've implemented an additional safety net for buyers.

The Problem: How do you actually know that the vendor BTC address/key used in creating the multisig address actually belongs to the vendor? An unscrupolous market could put in an address the market actually controls, cancelling out the benefits of multisig. The buyer has no real way of knowing that the right keys are being used.

Our Solution: Enable vendors to sign each Bitcoin address the vendor controls with their vendor PGP key, which can be verified by buyers. When a buyer purchases an item, along with each of the addresses used to create the multisig address, the buyer will also be presented with a PGP signed message with the vendor's address - guaranteeing that the vendor does indeed control the address being used in the transaction. Given that signing each address would be a major pain for a vendor, we have a simple shell script that is run locally by the vendor and will create the signatures. In a matter of minutes, a vendor could sign dozens of addresses - giving their customers piece of mind that they actually do control the signing key used in the multisig address. See http://sourcel3zg2kzu4k.onion/open-source.php for source code. This feature is optional currently until we get vendors educated about this new feature. Once that happens, it will be mandatory for vendors to provide this for buyers. We believe we've made it really easy to do and it should take little time to pre-sign dozens of addresses.

See http://sourcel3zg2kzu4k.onion/multisig-overview.php#verify-ms for instructions and tips for verifying a multisig address.

Future Enhancements

The last feature will enable vendors to get their funds as soon as an order is finalized and avoid having to complete the signing step after finalization. Presently, this part occurs after finalization. We will make it optional for a vendor to have a signed transaction ready for broadcast as soon as an order finalizes. At any point before finalization, a vendor will be able to upload the signed transaction to Sourcery. When the order finalizes, we will add our signature to it and broadcast it. That way, a vendor gets his/her coin as soon as the order is complete. In the current process, when an order finalizes, Sourcery creates a transaction, signs it, and then presents it to the vendor. The vendor then signs it and broadcasts it. The option for the vendor to sign before finalization will enable the vendor to get coin as soon as the order is done and not have to complete these steps afterwards. We expect this to be implemented in the next couple of days.

A note about our scripts - all scripts will be posted publicly for inspection by anyone. No scripts will expose any keys or compromise a vendor in any way. We simply want to help with the process and make multisig easier. They will be simple shell scripts that can be run offline that will make calls to electrum command line and GPG. They can of course be tweaked by a vendor to fit their own process.

We are still looking for more vendors for the market side of our service. If interested, reach out to me and we will get you set up and step you through any part of the multisig process. We are constantly working with our vendors to make this painless and easy. Our goal is truly to make multisig as simple as possible and as least intrusive to business operations. We do listen to all of our vendors and their pain points.

Sourcery Market http://sourcel3zg2kzu4k.onion/


Comments


[3 Points] None:

Better hope your market doesn't get hacked ! Bug hunter and cypher might be all up in that ass.


[1 Points] None:

I give you another month or two until shit truly goes wrong for you guys.


[1 Points] MitalikaSucks:

Good luck guys!

Do not understand why do we always have to bull any new market, up to wishing it to be hacked. And all these while being non satisfied with the existing markets