That is an unfortunate scenario you are describing, and of course it is possible. It is also *possible* that a lightning strikes our servers and all the backup locations, which will be unfortunate as well. But to this point we have been going into this with the intention to make the risks as low as possible, and we have outlined both here and on bitcoinfog.com which steps we have taken.
Good backups can't be assumed unless you explicitly take credit for them. But really, the more likely scenario I am thinking of, is like the recent one with Intersango, where someone's withdrawal was paid 512 times to someone who felt entitled to keep the overpayment, to MtGox, who recently sent bitcoins to never never land.
So we should make it easier for an attacker/analyzer to do statistical analysis on our payouts even before they are made and helping them to start finding our bitcoin client? 
(that could only be done by an authority of course, because that would mean having control over a LOT of nodes, but still)
No, we won't make their life easier, this most probably WILL NOT be implemented.
(that could only be done by an authority of course, because that would mean having control over a LOT of nodes, but still)No, we won't make their life easier, this most probably WILL NOT be implemented.
This is further evidence of not understanding how Bitcoin works. Your very same payout transaction will be seen in the block chain, so you aren't gaining anything by refusing to provide your proposed transaction in advance. Statistical analysis should yield nothing unless you're using a poor method to randomize your transaction outputs. And it is between very difficult to impossible to tell whether an incoming transaction originated from the connected node, versus being simply relayed by that node. You're using Tor as you note before, so your apparent IP shouldn't even matter.
And how would people verify that the tx is correct? Just checking all the addresses? Don't you think that it is easier for people to just check the addresses when they are putting them into the withdraw form of our service?
They would be able to verify that you intend to send a total of BTC spread across their addresses, consistent with their expectations. They might be able to alert you if there is any bug/problem before the BTC transaction actually gets committed to the block chain.
It does NOT actually have a public IP, this is the reason we are running it through TOR.
Excellent. +1
I am sorry but you have clearly misinterpreted some things again. Where did I state that I was unfamiliar with the checksum mechanism? I only said that checking for it was not a priortity, because ask us, users should be able to provide us with proper addresses if their money is important to them. It is not like copy-pasting a string of characters is challenging nor should be something new to anyone dealing with bitcoins.
The fact that you felt it unnecessary to implement - or didn't know to implement this - leads me to the same conclusion. The checksum is there for a reason. The idea that users should make perfect inputs on the basis that their money is "important" is a nice theory. Having your service simply not pay, rather than tell them to check their input and try again, is ... something I shouldn't feel I have to explain. You should know better.
As for using the powers of 2, I will check with our mathematician, but what exactly does make this
0.25 -> 1sWmdS
0.25 -> 1aasdF
0.25 -> 1aasdF
0.25 -> 1sWmdS
0.25 -> 1aasdF
0.25 -> 1aasdF
0.5 -> 1sWmdS
harder to analyze than
0.23 -> 1sWmdS
0.36902062 -> 1aasdF
0.18097938 -> 1aasdF
0.46274 -> 1sWmdS
0.2 -> 1aasdF
0.025 -> 1aasdF
0.30726 -> 1sWmdS
?
Both are pretty easy to analyze, that is why we always suggest to our users to never withdraw the same amount that they have put in...
Both are pretty easy to analyze, because you have unnecessarily chosen to use the same addresses repeatedly ("1aasdF" and "1sWmdS") to pay the same two people. This isn't even anonymizing, this is more like bloating the block chain. Consider having each person provide you a large number of addresses, and use each one only once. Then ask the same statistical analysis question again with each 0.25 going to a unique address.
Well so far I cannot say that you have really showed any real flaw of our system, and your critic was mostly based on you not fully understand how we operate. So we fully support this and it is always good to see this kind of criticism, because the more we explain how we work, the more we believe that users will see our service for what it is and use it.
I am sorry that you have received this apparent general feel that we are a bunch of 16yearolds that just learned some BASIC, but as an anonymous service we will just have to answer all your question in the biggest detail possible and take the time to prove you wrong
I am sorry that you have received this apparent general feel that we are a bunch of 16yearolds that just learned some BASIC, but as an anonymous service we will just have to answer all your question in the biggest detail possible and take the time to prove you wrong
I wish you luck. I can't recommend your service, but I shall not fault you for looking to provide something useful to the Bitcoin community. I just wish that (in my view, which I think is pretty solid) it didn't have to burden people with risk that you don't seem to appreciate. Lots of people much older than 16 are not well suited to provide this service, I don't think you're acting like a teenager, just more that you're biting off more than I think you can chew (and others, not you, take any fall). Best of luck though. And I am certain that you will quickly progress to the point where these criticisms of mine will be moot, because I've essentially said you are insufficiently experienced with the innards of the Bitcoin system, surely that will change.