There's actually a lot of them. Is there a way to just modify it so that I can withdraw using just the private URL? (Otherwise, I'll send another support email [from gummybean] with the addresses.)
we haven't received any emails from you - support@bitino.com
will look into the private URL thing now and revert.
You will get your BTC soon one way or another.
You haven't received an email? That's odd. Here's the message (as shown by Gmail -- all "Delivered-To" fields in the sent folder show my address since it's not the actual email you received):
MIME-Version: 1.0
Received: by 10.181.12.109 with HTTP; Fri, 1 Mar 2013 05:56:50 -0800 (PST)
Date: Fri, 1 Mar 2013 08:56:50 -0500
Delivered-To: gummybean@gmail.com
Message-ID: <CAN-d5MKpUD4b=NVXrEcNEN8BB014k5txuBvQ49D+f=GPBL0_hg@mail.gmail.com>
Subject: URGENT: Problem withdrawing from private URL!
From: Gummybean <gummybean@gmail.com>
To: support@bitino.com
Content-Type: multipart/alternative; boundary=f46d04451a1f07ab6e04d6dd6126
--f46d04451a1f07ab6e04d6dd6126
Content-Type: text/plain; charset=ISO-8859-1
Dear Bitino,
I'm a little bit worried. I was saving the URL's (here's one of mine:
http://bitino.com/REMOVED/) to go back to and withdraw my cash
later. The page shows the correct bitcoin balance, but they're not letting
me withdraw! It says I haven't played a game, so even when I go ahead and
play another round, it still says "You haven't played yet!"
Could you fix this ASAP because I actually put a decent amount of money in
this.
Thanks,
REMOVED
--f46d04451a1f07ab6e04d6dd6126
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div>Dear Bitino,</div><div><br></div>I'm a little bit worried. =A0I wa=
s saving the URL's (here's one of mine:=A0<a href=3D"http://bitino.=
com/REMOVED/">http://bitino.com/REMOVED/</a>) to =
go back to and withdraw my cash later. =A0The page shows the correct bitcoi=
n balance, but they're not letting me withdraw! =A0It says I haven'=
t played a game, so even when I go ahead and play another round, it still s=
ays "You haven't played yet!"<div>
<br></div><div>Could you fix this ASAP because I actually put a decent amou=
nt of money in this.</div><div><br></div><div>Thanks,</div><div>REMOVED</div>
--f46d04451a1f07ab6e04d6dd6126--
So... to be clear, are you all going to change it so that you only need the private URL to withdraw funds (no cookies), or do I need to email support to get my BTC back?
Why are you not a casino? People gamble with bitcoins and can win more bitcoins. Your site describes itself as "Win Bitcoins playing classic exciting gambling games at our Bitcoin Casino. Fair and Verified Games. Instant Withdrawals."
My apologies if I've mischaracterized you, but a casino is "a public room or building where gambling games are played." bitino seems to clearly be an online variant of that.
it's all about reputation. all games are made public online. all payouts are displayed on the website. if things went array for any reason it would be public knowledge very quickly and thus the end of the site.
I like the idea of provably random, but I think I would change it in a subtle way: I would pull the least relevant digits from a list of stocks (or currencies), sum them, then hash them. The key would be to do this after the bets are placed. Since any amount of jitter on the least significant digit for any of the stocks completely changes the outcome, and since there are already massive third parties interested in the exact nature of these numbers, you would have a very random, very provable flip. You wouldn't need a changing seed because the bets would come in and then everyone would wait a second or two and then the result would be provably fair.
The problem with your provably random method is that it is still possible for the house to get a slight edge. Since the server seed is random, you could regenerate it hundreds of thousands of times so that the house has a slight edge for the first two or three flips (assuming there are lots of people playing on the same deck, it gets wayyyy easier if it is one deck per person). You don't need that much of an edge to dominate your competition. An edge of 2 or 3% doubles your revenue; which would 4x or 6x your profit, since margins are usually thin for gambling sites.
My gut feeling is that since it's using a repeatable number-generator (without which it wouldn't be "provably fair" as you have described), it might be possible to game by client-side pre-evaluation of the sequence. Even if the whole sequence isn't finalized until the initial bitcoin transfer is made (I only have the information provided on the site to go on...), it might be possible (for example) to strategically transfer/commit, at a known/manageable cost, but simply not play the hand (abandon the transfer) unless the payout is greater than your expenses, circumventing the game's long-run behavior entirely. We don't have server code to look at (github?), but we all have access to python's libraries and can seed our own PRNG after the transfer in order to evaluate the hand/sequence.
Not exactly. It means, you can check two things after you have played:
1. The random number was generated before you even started. So the house could not change the number depending on the actual bets.
2. Distribution of random numbers over time. E.g. if the rule is "win when uniformly random number 0..1 is greater than 0.5", then you can check the history of all random numbers played (at least with your bets, if you don't trust the house to show real bets for other players) and calculate the properties of actual distribution. If it does not contain a significant offset, then it's fair. (Small deviations can be seen simply as part of the fee.)
I know what probably fair means, just that I don't understand why it would be so big deal. Why would the casinos cheat if the probabilities are on their side in every case?
"ammounts" should read "amounts"
"Private Game URL's" does not need an apostrophe
"You muse keep your game" should read "You must keep your game" (I'm guessing that one)
