Show HN: My friends just built a Bitcoin casino
bitino.comI gave it a shot with 0.1 BTC. Funds were available to start using a few seconds after I sent them. Went up a bit, got a 10, decided to cash out. Funds can't be withdrawn until the initial transfer has been confirmed 6 times (standard w/ bitcoins).
Fun, simple. GJ.
6 confirmations finally occurred, was able to withdraw. So, all in all, no problems.
http://bitino.com/about/ says I have to keep my game URL private otherwise people can steal my BitCoins, but there is no HTTPS? No deal.
Cut them some slack, this is obviously as MVP as it gets.
+1
can you clarify what was said above, are bitcoins held in the same way instawallet does?
"Bitino is a games company based in London."
Then you are breaking the law. UK-based gambling companies have to ensure that customers are over 18. Running a gambling game that uses anonymous payments goes against this principle!
You could still do identity verification using either a 3rd party service, or by getting sight of ID documentation. (Certified copies of passports posted out, for instance. Sounds mad, I know, but I worked at a gaming start up and we had to do that for some customers!)
In fact, you'll have to do that ANYWAY to be compliant, regardless of the method you use to fund accounts.
True, although by the time you've signed up and proven ID, you've lost the 'spontaneous' appeal of the site (making it quick and easy to have a bet). I guess the site still has the advantage of low-cost money transfers and no risk of chargebacks, so bitcoins may have a use here.
I wonder if it is possible to use bitcoins and comply with the UK gambling restrictions against money laundering? At first glance, it looks impossible, bitcoins being (supposedly) untraceable. However, you might be able to comply if you insist that winnings are always paid back to the same bitcoin wallet that they came from. The justification here being that your website won't have 'washed' the money any further than it was already laundered.
Limiting the 'spontaneous' gambling is part of what you have to do to comply with Gaming Commission rules - you have to include ways to limit the amount of money deposited or gambled, and you have to provide a mechanism to self-exclude, or ban yourself from playing.
I'm more interested to see if these guys get shut down or if the Gaming Commission would turn a blind eye. I notice no available contact details on the site or domain name registration. (Good for avoiding the law, bad for making me trust you with my money.)
Oh no, somebody call the bitcoin police, quick.
Or the regular police would suffice, in this case.
This mixing of algorithms and gambling in the provably fair section got me wondering: Couldn't one set up a kind of market for randomness? Basically you could buy and sell a variance in exchange for an expected value, and people that agree on a trade send bitcoin (or whatever) to a third party, which then draws and pays out the corresponding amount to each party.
It would make for some moderately interesting math, I wonder if there would be an interest in such a service? Basically casinos could then wrap this marketplace and have people gamble, with their expected gains being at a sort of market optimum.
I'm not sure if I understand, do you mean something like this? http://gamesbyemail.com/News/DiceOMatic
I don't really understand why "provably fair" would be so big deal. The house is winning always, no matter what. But I don't gamble myself, so perhaps I don't uderstand that world that well.
Provably fair means the shuffle and order of the cards are verifiably random and also that they cant be changed once the game has started.
Provably fair means you know exactly what you are dealing with before you start. Game payout odds are clearly displayed in the payout table.
My gut feeling is that since it's using a repeatable number-generator (without which it wouldn't be "provably fair" as you have described), it might be possible to game by client-side pre-evaluation of the sequence. Even if the whole sequence isn't finalized until the initial bitcoin transfer is made (I only have the information provided on the site to go on...), it might be possible (for example) to strategically transfer/commit, at a known/manageable cost, but simply not play the hand (abandon the transfer) unless the payout is greater than your expenses, circumventing the game's long-run behavior entirely. We don't have server code to look at (github?), but we all have access to python's libraries and can seed our own PRNG after the transfer in order to evaluate the hand/sequence.
Not exactly. It means, you can check two things after you have played:
1. The random number was generated before you even started. So the house could not change the number depending on the actual bets.
2. Distribution of random numbers over time. E.g. if the rule is "win when uniformly random number 0..1 is greater than 0.5", then you can check the history of all random numbers played (at least with your bets, if you don't trust the house to show real bets for other players) and calculate the properties of actual distribution. If it does not contain a significant offset, then it's fair. (Small deviations can be seen simply as part of the fee.)
I know what probably fair means, just that I don't understand why it would be so big deal. Why would the casinos cheat if the probabilities are on their side in every case?
i guess because things like 888casino are not provably fair you just have to take their word for it that it really did come in as red 8 times in a row taking all your money, at least with provably fair you can see how red or black are determined and then confirmt hat you were not screwed becase you dropped a big bet on the table but you were screwed by random chance.
I guess with bitcoin being so anonymous, it would be easier to get away with fraud and never be caught compared to a company that accepts USD though VISA.
it's all about reputation. all games are made public online. all payouts are displayed on the website. if things went array for any reason it would be public knowledge very quickly and thus the end of the site.
I like the idea of provably random, but I think I would change it in a subtle way: I would pull the least relevant digits from a list of stocks (or currencies), sum them, then hash them. The key would be to do this after the bets are placed. Since any amount of jitter on the least significant digit for any of the stocks completely changes the outcome, and since there are already massive third parties interested in the exact nature of these numbers, you would have a very random, very provable flip. You wouldn't need a changing seed because the bets would come in and then everyone would wait a second or two and then the result would be provably fair.
The problem with your provably random method is that it is still possible for the house to get a slight edge. Since the server seed is random, you could regenerate it hundreds of thousands of times so that the house has a slight edge for the first two or three flips (assuming there are lots of people playing on the same deck, it gets wayyyy easier if it is one deck per person). You don't need that much of an edge to dominate your competition. An edge of 2 or 3% doubles your revenue; which would 4x or 6x your profit, since margins are usually thin for gambling sites.
What stops you inserting your own choice of extra payouts into the game history?
This would make people believe you were paying out at a higher rate than you actually are.
I'm not suggesting you're doing that, just wondering what stops it, as I don't see anything immediately obvious.
nothing technically stops us but again i see payout history as a 'soft credibility booster'
the games are random and can be verified to be so. we publish the payout table. if you win we pay, if you lose, we don't.
other peoples historic results have no bearing on the authenticity of your game.
Is any of the equipment based in England? You might want to check the Gambling Commission website to check if you need a licence.
Just curious, how this link was posted anew, since there was one on HN previously?
heh, it seems one has a trailing slash and the other doesn't. I knew the dupe detector could be tricked by a trailing #, but this is new to me.
ah - got it.
I'm wondering about the security of the generators and hashes you use. SHA-256 is to my knowledge fine, however the Mersenne twister used by Python isn't (see http://en.wikipedia.org/wiki/Mersenne_twister, although there may be modifications in Python). You have little plaintext, so I can't really find anything obvious, but given the nature of the site, you may want to use something cryptographically secure.
nothing like getting on the front page of HN when you are no way ready for it.
I was saving the private URL's (e.g. http://bitino.com/uQWyylFetc...) to go back to and withdraw my cash later. (My browser cookies clear upon exit). The pages show the correct bitcoin balance, but they're not letting me withdraw! It says I haven't played a game, so even when I go ahead and play another, it still says "You haven't played yet!"
Could you fix this ASAP because I actually put a decent amount of money in this...
You posted 33 minutes ago. Give them a chance to reply and resolve your issue
Okay, I revoked the accusation. I'm afraid my instinct is to mistrust people by default. We'll soon see if my instincts are wrong.
clearing your cookies may have caused the issue. send through here an address and we will process the withdrawal reply
Thanks for the reply!
There's actually a lot of them. Is there a way to just modify it so that I can withdraw using just the private URL? (Otherwise, I'll send another support email [from gummybean] with the addresses.)
we haven't received any emails from you - support@bitino.com will look into the private URL thing now and revert. You will get your BTC soon one way or another.
You haven't received an email? That's odd. Here's the message (as shown by Gmail -- all "Delivered-To" fields in the sent folder show my address since it's not the actual email you received):
MIME-Version: 1.0 Received: by 10.181.12.109 with HTTP; Fri, 1 Mar 2013 05:56:50 -0800 (PST) Date: Fri, 1 Mar 2013 08:56:50 -0500 Delivered-To: gummybean@gmail.com Message-ID: <CAN-d5MKpUD4b=NVXrEcNEN8BB014k5txuBvQ49D+f=GPBL0_hg@mail.gmail.com> Subject: URGENT: Problem withdrawing from private URL! From: Gummybean <gummybean@gmail.com> To: support@bitino.com Content-Type: multipart/alternative; boundary=f46d04451a1f07ab6e04d6dd6126 --f46d04451a1f07ab6e04d6dd6126 Content-Type: text/plain; charset=ISO-8859-1 Dear Bitino, I'm a little bit worried. I was saving the URL's (here's one of mine: http://bitino.com/REMOVED/) to go back to and withdraw my cash later. The page shows the correct bitcoin balance, but they're not letting me withdraw! It says I haven't played a game, so even when I go ahead and play another round, it still says "You haven't played yet!" Could you fix this ASAP because I actually put a decent amount of money in this. Thanks, REMOVED --f46d04451a1f07ab6e04d6dd6126 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable <div>Dear Bitino,</div><div><br></div>I'm a little bit worried. =A0I wa= s saving the URL's (here's one of mine:=A0<a href=3D"http://bitino.= com/REMOVED/">http://bitino.com/REMOVED/</a>) to = go back to and withdraw my cash later. =A0The page shows the correct bitcoi= n balance, but they're not letting me withdraw! =A0It says I haven'= t played a game, so even when I go ahead and play another round, it still s= ays "You haven't played yet!"<div> <br></div><div>Could you fix this ASAP because I actually put a decent amou= nt of money in this.</div><div><br></div><div>Thanks,</div><div>REMOVED</div> --f46d04451a1f07ab6e04d6dd6126--Text email shows your bitino URL (href)- suggest your edit/remove it as well.
bizarre, sorry about that.
So... to be clear, are you all going to change it so that you only need the private URL to withdraw funds (no cookies), or do I need to email support to get my BTC back?
Thanks
please email support with the total amount you need to withdraw and an address.
On initial glance, and I may be a million miles off here, it feels like the history section which shows payouts is rather redundant.
It seems like there's nothing to stop the casino inserting their own played games (either real but fixed, or entirely faked) to "adjust" the balance of historical payouts in one direction or another?
The concept of the public seeds is clever though
> The concept of the public seeds is clever though
It's what all the other bitcoin gambling websites do. I can't hotlink it, but visit here[0] and click "verification" in the top right.
we hear you.
however, historical payouts dont effect the veracity/authenticity and fairness of the game.
they are displayed to highlight some recent payouts more to establish initial credibility than anything else.
I'd be concerned about running an online casino with a .com domain. The US government has a track record of seizing domains.
http://www.wired.com/threatlevel/2012/03/feds-seize-foreign-...
But this is what is really interesting about it. If the US government moves to shut this casino down, are they admitting that bitcoins are money?
we are not a casino. this is a tiny side product built by a couple of guys over a couple of days to explore bitcoin.
Why are you not a casino? People gamble with bitcoins and can win more bitcoins. Your site describes itself as "Win Bitcoins playing classic exciting gambling games at our Bitcoin Casino. Fair and Verified Games. Instant Withdrawals."
My apologies if I've mischaracterized you, but a casino is "a public room or building where gambling games are played." bitino seems to clearly be an online variant of that.
(Edit: can't grammar)
I like the idea, but I could not even see the menu! I had this annoying video overlaying the menu: http://pbrd.co/Z60dPK It seems like it stuck in place.
you can see the game in action here - http://bitino.com/about/
FYI, there are a few typos in that page:
"ammounts" should read "amounts" "Private Game URL's" does not need an apostrophe "You muse keep your game" should read "You must keep your game" (I'm guessing that one)fixed. thanks
It looks like 30 bucks in few seconds. Nice. Like it.
I am curious how are you guys making profit then?
Because, if you lose once, you lose?
Yes this is correct. i lost once, i lost it all.
Flagged. Bitcoin is a scam designed to make money for early adopters.
You are aware of the fact that YC funds at least one Bitcoin related start-up, right? Flagging this for being a scam is a bit ironic, in the Alanis Morissette sense.
So is any startup.