Probably the same reason Wikimedia doesn't: IRS guidance on accepting donations of property (which is what they treat bitcoins as). The safe thing for a 501(c)3 to do is take details.
When Coinbase gives the option to donate directly to a Bitcoin address, "1GnkMmEjTHHrw8BaWzBxEzuNweUwhmwGrg" in this case, is that a wallet Mozilla owns?
A Bitcoin address is just an identifier (cryptographic hash) of a public key in a keypair. For every transaction you do, you can create a new one. It's also possible to publish one publicly, as an address to anonymously send donations to, which can also make it easier for the public to track how many donations have gone to that address, but for most purposes, you create one per transaction, so you can keep track of how much has been spent in that transaction.
Any time you send Bitcoins, the way it works is that it sends the portion you specify to the given address, and generates a new keypair for yourself to send the change back to an address you control.
So, unless you just happen to leave a single address published publicly as your donation address, you don't have a permanent address. If you want to collect any additional information associated with a transaction; an email address to send thanks (or hit up for donations later), information to collect for tax purposes, etc, you just create a new keypair and thus new address for that transaction.
I have a single, permanent Bitcoin address (1jb55g498MEa274Z1YWUXQFxZE5NzvhV7). I don't pretend Bitcoin is anonymous and I always set my change address to go back to the inputs.
I understand the risks of how the address inputs and outputs as probabilistically tied to my identity. If I cared about those things I probably use stealth addresses and dark wallet or something.
So, that "single permanent address" can work fine if you're just looking for donations, or doing transactions with people you trust.
If you're doing any kind of transactions in volume, it's much easier to just give each customer a unique address to send to, so you can verify that you've been paid when the right amount has been transferred to that address. That way you don't have any confusion of who has actually paid you if two people owe you similar amounts at the same time, and you see a transaction come in of that amount.
So yes, it's possible to pick one address as your "single permanent address", but it's not something that's expected or common.
There are also cryptographic risks associated with reusing an address, not just identity risks. The address is a hash of your public key. You don't have to reveal the public key matching the address until you spend from the address. When the public key is secret, your address is safe even from hypothetical attacks on Bitcoin's crypto implementation. Once you spend from the address, the public key is public knowledge and that extra protection is lost.
So yes, you can arbitrarily pick one address of yours to share publicly and keep permanent.
But there is nothing in the protocol or any of the default clients that gives anyone a distinguished "permanent address". So saying "I wish we knew Mozilla's permanent Bitcoin address" indicates that such a thing is expected, when in reality any one address that an entity has is a good as any other, and addresses are generally intended to be ephemeral and single use.
I don't think that's how it works. From my understanding, a new address is typically used for every new transaction. What you are interested in is their wallet which would be the sum of their addresses.
On the other hand, it appears that they are using Coinbase. In that case I'm not sure Mozilla would have direct access to a wallet. Instead I imagine that Coinbase keeps track of their balance which is divided among Coinbase's wallets (sort of like a bank). I'm not too well versed however, so maybe someone else can clear this up.
You can use your Coinbase wallet in a variety of ways, including having it build a cart and payment address for you for each transaction or simply using a single address for receiving multiple ongoing payments. The address will be permanently assigned to your Coinbase account once you create it.
That said, I don't think there is a way to get the private keys for these addresses so you can use them on your own wallet software. Not that you would want to, given Coinbase is currently holding (and aware) of said addresses keys.
> I don't think that's how it works. From my understanding, a new address is typically used for every new transaction. What you are interested in is their wallet which would be the sum of their addresses.
Single address can be used as an output of many transactions. There is nothing preventing it in the protocol. More - it's a "natural" thing. Generation of address per transaction is a very convenient but not enforced by anything.
An address can receive multiple payments, but the most likely use case from that is mining output, or recurring payments from the same sender.
A wallet owner is able to generate new addresses at any time, and generally does so in order to verify that a payment is coming in for a specific transaction. For example, a Bitcoin ATM operator wouldn't generate a payment address until a patron is standing at the kiosk. As soon as a transaction is verified, the machine would dispense whatever amount of money and future payments to that address would probably be ignored.
You are right that Mozilla probably isn't even operating a bitcoin wallet in this case. They are probably just getting USD from Coinbase.
Correct. Bitcoin addresses are more like invoice numbers than account numbers. You're expected to use a different one for each transaction so that you can tell them apart.
I agree with the idea that address reuse is risky, but was that idea a common understanding when Bitcoin was first created? Is it to be found in the original paper? Or is it more of a realization or concern that's developed over time?
I was unaware until I recently tried to use bitcoin again, in fact I originally thought reuse was fine. It was very common for people to put a btc address as a signature in forums.
Perhaps the documentation was improved. I don't know if it was in the original paper.
Especially considering the Eich kerfuffle, you think Mozilla would appreciate anonymous donations so this sort of thing won't be a distraction from their goals:
To me this is not an intuitive leap (and does appear off-topic at first blush), but on further rumination does indeed present an important insight into the root cause of the Eich debacle.
