We, the undersigned core developers of OpenBazaar, have decided with consensus on the following on November 4th, 2014:

Because of the facts that:

(1) Developers can be malicious

Our threat model involves powerful agents at play. These can include malicious governments who have the ability to issue secret warrants legally requiring developers to take certain actions. We therefore follow a trust-but-verify model in all our development process. As such, certain developers of the project may in the future be legally required to perform actions that they do not agree with, without the ability to communicate this fact to others. Through multisig, we are requiring at least one more developer to perform a check on financial decisions as a safety-net.

(2) Mistakes happen

We are human and often make mistakes. This can include lost wallet keys, or destroyed laptops. Multisig will allow us to migrate our funds in case one developer loses their keys. We also sometimes make transactions that may be incorrect. A second pair of eyes is good to make sure we don’t burn our funds or we don’t send them to the wrong third party.

(3) Developers can become unavailable

Developers may become unavailable for various reasons such as accident or death. We do not want to depend on one individual for all our funds. In case of unavailability, multisig allows us to move our funds to a new address.

(4) Dictatorship is evil

We take team decisions with consensus. However, sometimes consensus cannot be reached. We have never had this problem in our team yet, but it is bound to happen in the future. In cases where consensus cannot be reached, an individual developer should not have the power to act solely as a dictator and enforce their opinion. Multisig requires at least one more party to consent. This acts as a safety net.

(5) Transparency is good

We believe in a transparent development model. All our code is open source.
We interact with the community through public chat on IRC, on a public subreddit, and in forums, all viewable by anyone. We plan features and submit bug reports through GitHub issues, which are public. Anyone is able to criticize us through these channels directly, even pseudonymously. As of Beta 3, we are also making all all-hands developer video calls publicly available through live streaming, and they are recorded for future reference. We wish to be held accountable for our actions, and we invite the criticism of the community. In this direction, as we are funded through donations, we believe the public should know exactly how much money we have and where and when exactly it is spent. By publishing our multisig address, we submit our financial records to public scrutiny.

Now, therefore, we are announcing the following:

(1) Ownership of public keys

Each of us controls one of the following public bitcoin keys. We are providing bitcoin signatures as proof that we are in control of each.

Brian Hoffman:
Address: 12khSGHCvJoB7d5evWykvgeJVdYtSgAaxo
Uncompressed Pubkey: 04b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd3985
Message: This is Brian and I own 12khSGHCvJoB7d5evWykvgeJVdYtSgAaxo
Signature: IHb6uWPR1mGxl85YDfPN1trD6ybLeeH0FotTWrUr2W+lcDLiM5iXompDaMJxFg3MwFQpto5cInFrPyooFw+/60I=

Sam Patterson:
Address: 19xZbcnF9HB3ycfFJmQS5Gr7eJ7riJKrWc
Uncompressed Pubkey: 047AA4C9652BEB1A01B351CC212391168C11E192E25A88AF79A422C4F83CBC7ED0BB5632C87547C45525167A8C814AFC29C7FFE44157547DC21B193AC714B4BA06
Message: This is Sam. I own 19xZbcnF9HB3ycfFJmQS5Gr7eJ7riJKrWc and will use it for the OpenBazaar multisignature fund.
Signature: IIKNFBcUu9OQ/L+bv/liAMMPBJHC70Y9bpzUsscW7C3FloC7uw5QH1UJUdN1AR50kuIAikB9mZkvZKcTGvDzDYk=

Washington Sanchez:
Address: 19fQbq6egzREyDSt8R1zGPAFoR1THWSV4g
Uncompressed Public Key: 0420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d207
Message: This is Washington, confirming that I own this address.
Signature: Gx9lga0zuYcJk8dhXq3Wb0Nsy5tXohJusUoIw7pm9ZytrGC6wD8zfwS4K4f+sRqdWE2s9kyv9Wd5q0Fl//HY1AE=

Dionysis Zindros:
Address: 1HA6tFUGQrzrwGDDVp9dHivNRyhuT37dCh
Uncompressed Public Key: 046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb8
Message: This is Dionysis Zindros, confirming that I own this address.
Signature: HI9Bc8o/pyKmowG9cRL47Zt4ylYIJOxQnvSB4AF7FaNCHVz+hA6jowsDppAIKwLX9FMrxBqiGnhgpc/68G2t+uM=

We invite the public to verify our signatures above.

(2) Multisig address migration

We are designating the following 2-of-4 multisig address for the storage of OpenBazaar funds:

3MXYUBLWNETa5HTewZp1xMTt7AW9kbFNqs

The address is constructed with the above 4 public keys. We invite the public to check that the multisig address is a 2-of-4 address and that it is constructed using the above 4 public keys.
For verification purposes, the bitcoin script is given below:

524104b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd398541047aa4c9652beb1a01b351cc212391168c11e192e25a88af79a422c4f83cbc7ed0bb5632c87547c45525167a8c814afc29c7ffe44157547dc21b193ac714b4ba06410420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d20741046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb854ae

(3) Mandatory transparency

We have transferred all our funds to the multisig address and published it to be used for donations. While we still have access to our old donations address for donations coming from people who have stored it, we will be using the new address for all donation purposes from now on. Any funds donated to the old address will be immediately transferred to the multisig address. We will make all our organizational payments directly from our multisig address.

We vow to publish the following information for every transaction originating from our project multisig address from now on:
- The recipient bitcoin address
- The date of the transaction
- The recipient actual name or company name
- The reason for the expenses
In case of conversion to fiat currency, we will state the above data for the recipient of the converted fiat currency.

We invite the public to verify our GPG signatures on the above announcement.

Brian Hoffman, Project Lead
Sam Patterson, Operations Lead
Washington Sanchez, Research Lead
Dionysis Zindros, Trust & Identity Developer

Please verify the authenticity of this message using GPG. Our public keys are available on popular keyservers.
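
The check the announcement invites under "(2) Multisig address migration", as an added example that is not part of the signed announcement or the project's own code: it parses the published script, recovers the m-of-n policy and the embedded keys, and derives the P2SH address for comparison. The function names are hypothetical, and `p2sh_address` assumes the local OpenSSL build exposes RIPEMD-160 through `hashlib`.

```python
import hashlib

# Values copied from the announcement above.
PUBLISHED_ADDRESS = "3MXYUBLWNETa5HTewZp1xMTt7AW9kbFNqs"
PUBLISHED_KEYS = [
    "04b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd3985",
    "047AA4C9652BEB1A01B351CC212391168C11E192E25A88AF79A422C4F83CBC7ED0BB5632C87547C45525167A8C814AFC29C7FFE44157547DC21B193AC714B4BA06",
    "0420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d207",
    "046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb8",
]
REDEEM_SCRIPT = bytes.fromhex("524104b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd398541047aa4c9652beb1a01b351cc212391168c11e192e25a88af79a422c4f83cbc7ed0bb5632c87547c45525167a8c814afc29c7ffe44157547dc21b193ac714b4ba06410420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d20741046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb854ae")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def parse_multisig(script):
    """Return (m, [pubkey bytes]) for a script of the form OP_m <keys> OP_n OP_CHECKMULTISIG."""
    if len(script) < 3 or script[-1] != 0xAE:       # 0xAE = OP_CHECKMULTISIG
        raise ValueError("script does not end in OP_CHECKMULTISIG")
    m, n = script[0] - 0x50, script[-2] - 0x50      # OP_1..OP_16 are 0x51..0x60
    if not 1 <= m <= n <= 16:
        raise ValueError("m/n are not valid small-integer opcodes")
    keys, pos, end = [], 1, len(script) - 2
    while pos < end:
        size = script[pos]                          # direct push: opcode is the length
        if size not in (33, 65) or pos + 1 + size > end:
            raise ValueError("unexpected push at offset %d" % pos)
        keys.append(script[pos + 1:pos + 1 + size])
        pos += 1 + size
    if len(keys) != n:
        raise ValueError("script holds %d keys but declares n=%d" % (len(keys), n))
    return m, keys

def base58check(payload):
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def p2sh_address(script):
    # Assumption: hashlib can supply RIPEMD-160 (depends on the OpenSSL build).
    h160 = hashlib.new("ripemd160", hashlib.sha256(script).digest()).digest()
    return base58check(b"\x05" + h160)              # 0x05 = mainnet P2SH version byte

if __name__ == "__main__":
    m, keys = parse_multisig(REDEEM_SCRIPT)
    print("policy: %d-of-%d" % (m, len(keys)))
    print("keys match:", [k.hex() for k in keys] == [k.lower() for k in PUBLISHED_KEYS])
    print("address matches:", p2sh_address(REDEEM_SCRIPT) == PUBLISHED_ADDRESS)
```

The key order matters: the same four keys in a different order produce a different script hash and therefore a different address.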