Why I believe in Provable Fairness

Bitcoin was created on the principle of trustlessness. Back when it was created, it didn't attract the same attention that it does today. The people that worked on and built the Bitcoin ecosystem did this because they didn't want to have to put their trust into anybody.

Provable fairness was created as a direct consequence of this. People looked at traditional gambling and saw something that could be improved upon, something that could be changed the same way they looked at money and thought of Bitcoin. The result was the first completely trust less gambling system the internet had ever seen, and it sparked a boom. Although the system originally only applied to generating random numbers for dice, the process was quickly adapted into many other games and a whole new community was formed.

But as Bitcoin grew more and more, and started attracting different people, some joined the community that weren't familiar with these systems. These people didn't understand the significance of being provably fair, or what it really meant. Later on, some people with a lighter sets of morals started trying to take advantage of this lack of knowledge. Some of them used software they bought from some other companies. Or worse, they created systems that at first looked to be provably fair, but upon closer inspection, contained holes that made it difficult for users to keep the site truly provably fair. These people looked to take advantage of newcomers that didn't know the reasons behind this technology that had been created for the benefit of the user.

This is an opportunity to be reminded of why provable fairness was created. People need to be educated, without getting taken advantage of.  I believe in provable fairness because it shares the same core principles as Bitcoin itself, and once people see and understand it, they will see what an amazing thing it is.


The Problem with a lack of Vigilance

Provable fairness allows users to play on sites without the fear of their bets being altered into the favour of the house. But there's an important caveat that is often missed or not explained to the players. Full trustfulness is only there if the player does what they need to do also. Nearly all provably fair systems operate on the server seed/client seed model. The server shows you a hash of their seed before you start betting, allowing you to change your client seed before the first bet of the round. This way, since you are introducing new data into the hash function, the outcome of the hash is no longer controlled by the site as they do not have control over the data you give them.

But here lies a problem. Many sites will fill that box for users when they change their seed. This in itself does not have to be a problem. In fact, it's possible for this to be even more secure than the user entering their own data. If the site allows you to enter up to 32 random characters and they auto-fill the client seed box with 32 actually random characters (preferably generated on the client side with JavaScript instead of by the server) then it's more secure than just entering "1234" as your seed, just like a password. (However it's only "more secure" if the site is malicious and trying to change outcomes, and such a site would probably not generate good seeds for you, making the point unnecessary).

The problem with pre-filling the client seed comes from a situation where the site is malicious, which we should assume until proven otherwise. A malicious site can easily generate a server seed and client seed ahead of time that will result in more losing bets than winning ones. It's just a matter of generating random client seeds and checking the results until they get one that's sufficiently "bad".

If this site were to present this bad seed to the user as a sort of default option, many people would click past it and not think about it. The site would still use all the same provably fair algorithms, but could still be cheating you. Such a thing would only be possible if the site thinks you are likely to keep betting high or keep betting low, because estimates for you winning rely on consistently betting one or the other. (If the site generated a seed pair that would make you lose 55% of the time if you bet high, but you chose to bet low instead, you would be winning 55% of the time instead of losing). However, if the site does not allow you to pick high or low (or the game is some game other than dice where the numbers affect the outcome in a different way) it this opens up a good attack vector for them.

The concern with this kind of attack on players is small, because it would be difficult for a site to pull off consistently, especially without eventually drawing attention. However, no small hole should be discounted, especially with technology becoming more prominent. If you take anything from reading this, always change your client seed to something that you created and copy down the hash of your server seed before you start betting.


White-label Software: It's time to move on

Current state of play

Bitcoin has ushered in a new era of systems, schemes and ideas. People have realised that we no longer need to place our trust in intermediaries. We've developed amazing tools such as provable fairness, decentralised exchanges, smart contracts, atomic swaps, amongst many other ideas still on the horizon. However, some people seem stuck in the past. Some Bitcoin casinos still choose to use white-label software and other "one size fits all" scripts and programs for their platforms.

For the unfamiliar, Wikipedia defines white-label software as "a product or service produced by one company (the producer) that other companies (the marketers) re-brand to make it appear as if they had made it''. As far as Bitcoin casinos go, this means companies buy developed casinos and rework it to make it "theirs". Software packages designed like this are often not designed to work with Bitcoin out of the box. As a result, you end up with websites with awkward alternate currencies, using outdated dependencies like Flash, that don't really present themselves as websites pushing a new technology.

Where should we be heading?

The rise of Bitcoin meant we needed to start over. To stop accepting mediocrity, and to work towards the best technology we could create. Instead of using white-label software, write your own. Bake in Bitcoin support from the ground up, making it an integral part of the user experience. It would be the new technology available to build the best user experience possible. This was the vision, but we aren't quite there yet.

It often seems like the sites that develop their own software care more about their users as well. Who would you trust with your money? The site that bought their software, or the site that designed everything from the ground up? There are some things you won't find in white-label software at all. Such as, provable fairness, early deposit credits, cheaper batch withdraws. When a chain fork occurs, who do you trust to give you both coins?

Design-level decisions can't be made with white-label software. Everything is handed to you as-is, and making changes is usually difficult and dangerous. Changes in code someone else wrote could end up with unintended consequences leading to loss of user funds, security holes or similar things. If you have a new amazing idea for a game, or want to introduce new technology, often times you'll end up out of luck.

Final thoughts

The types of people likely to buy software instead of build it themselves are usually more interested in making money instead of captivating their users. The websites usually lack a lot of features that people have come to expect from Bitcoin websites. The point of this article is to get the point across that we have the technology to make great websites. It's time to take advantage of all of this innovation and stop settling for average.