1/ Okay, time to use a Visa gift card and a disposable e-mail address and explore the technical details behind this "Trump NFT". I'm posting this thread to Twitter even though I suspect most followers are Mastodon (meaning, 280char limitation). 
2/ As usual, they have a privacy policy that states "your privacy is important" and "we can and will violate it for any reason".
I'm using a separate email address to track in the future when they sell my private info. I expect to get Trump campaign ads to this address in 2024.
I'm using a separate email address to track in the future when they sell my private info. I expect to get Trump campaign ads to this address in 2024.
3/ Their main website has a FAQ.
This isn't campaign related (they rightly fear campaign finance laws).
It's possible they already paid Trump Org a lump sum, regardless of how many they sell. Trump's Organization makes most of its money simply licensing the Trump name.
This isn't campaign related (they rightly fear campaign finance laws).
It's possible they already paid Trump Org a lump sum, regardless of how many they sell. Trump's Organization makes most of its money simply licensing the Trump name.
4/ I have now bought one. A $100 gift card was rejected due to "insufficient funds", but a $300 gift card worked.
It's been over 10 minutes, and I still haven't received the NFT in the email.
It's been over 10 minutes, and I still haven't received the NFT in the email.
6/ The contract is public on the Polygon blockchain (a sidechain of Ethereum with dramatically lower transaction fees popular for NFTs).
As we can see, roughly 23 thousand (out of a total of 45,000) have been minted so far. An hour ago, it was 22 thousand.
polygonscan.com/address/0x24a1…
As we can see, roughly 23 thousand (out of a total of 45,000) have been minted so far. An hour ago, it was 22 thousand.
polygonscan.com/address/0x24a1…
7/ One of the reasons I'm doing this thread is to answer this question. You can either use a wallet OR buy with credit card. But your NFT is only meaningful if you have a wallet, so what happens when people buy with credit card without a wallet???????
8/ After about 20 minutes it finally arrived in my email inbox.
Before I bought the NFT it had me create an account with a company called "web3auth", which in turn created a web-accessible wallet with "tor.us".
In other words, it created a wallet for me.
Before I bought the NFT it had me create an account with a company called "web3auth", which in turn created a web-accessible wallet with "tor.us".
In other words, it created a wallet for me.
9/ You all can view my NFT. It's on the Polygon blockchain. OpenSea is the most popular way of viewing/trading such things, but since NFTs are a standard contract on a blockchain, anything can be used to view/trade them.
opensea.io/assets/matic/0…
opensea.io/assets/matic/0…
10/ So what did I get for my $99? What I got were these three things:
1. Matic (aka. Polygon) blockchain
2. contract identified as 0x24A11e702CD90f034Ea44FaF1e180C0C654AC5d9
3. token #22884 in that contract
I now have control over token #22884.
opensea.io/assets/matic/0…
1. Matic (aka. Polygon) blockchain
2. contract identified as 0x24A11e702CD90f034Ea44FaF1e180C0C654AC5d9
3. token #22884 in that contract
I now have control over token #22884.
opensea.io/assets/matic/0…
11/ It appears the token was minted and assigned to my wallet almost immediately -- it just took 20 minutes for the email to arrive informing me of that fact.
12/ Using a blockchain explorer for that contract address, I can enter the token #22884 and see what it points to. It points to this URL.
That's what an NFT points to. It doesn't even point to an image, it points to a URL.
If that URL disappears, then the NFT points to nothing.
That's what an NFT points to. It doesn't even point to an image, it points to a URL.
If that URL disappears, then the NFT points to nothing.
13/ What at this URL? The image? Nope -- it's metadata about the image.
cards.collecttrumpcards.com/data/22/22884.…
cards.collecttrumpcards.com/data/22/22884.…
14/ That metadata finally points to a URL of the image.
But the website can change that image any time it likes.
One of the thing cypherpunks like to do is mint NFTs where the website returns different images depending upon what you use to read the NFT.
cards.collecttrumpcards.com/cards/3b96f1cd…
But the website can change that image any time it likes.
One of the thing cypherpunks like to do is mint NFTs where the website returns different images depending upon what you use to read the NFT.
cards.collecttrumpcards.com/cards/3b96f1cd…
15/ There are ways of creating fully decentralized NFTs, using the cryptographic hash of the image accessible via such things as IPFS or BitTorrent.
But most choose to centralize the NFT, defeating the entire point of using a blockchain.
But most choose to centralize the NFT, defeating the entire point of using a blockchain.
16/ According to the FAQ on the CollectTrumpCards.com website, it's randomly assigned which image you'll get for your token. Some images have only 2 tokens that'll match them, some up to 20.
That implies at least 2,000 distinct images.
That implies at least 2,000 distinct images.
17/ But even then, the images are built from re-used components, like my token #22884 and token #22891. Swap the background, add a hat, and you have a "new" image.
18/ So the answer to this question: they are all different, but they are all the same.
19/ They are up to token #26443 so far. You can compare this to the tweet above from an hour ago to see that around 1000 have been minted in the last hour.
Note: they could be "minting" them but not actually selling them.
Note: they could be "minting" them but not actually selling them.
20/ If you are a hacker like me, this is the first sort of thing you'll think of -- just download all the NFTs and their metadata from the website:
21/ As you can see, the elements in mine are the most common, with the character="Blue Suit Finger Point", face="Smile", hat="Red Golf"
22/ Since the URLs exist regardless of what's on the blockchain, you should be able to download all the future ones, find the rarest, then time your purchase just right to snag a rare one. They've though of that: the URL isn't active until the blockchain mints it:
23/ Even single-line scripts have bugs:
24/ I'm stupid. It seems that OpenSea already tracks these traits so I don't have to write a script to do it myself. It's right there in the URL if I just read the webpage instead of diving straight into code.
opensea.io/assets/matic/0…
opensea.io/assets/matic/0…
25/ As this person politely points out (thanks for the compliment), this is indeed a common thing for NFTs. Though only for a certain class of NFTs, not as they imply, all NFTs.
26/ As Adam points out, yes, sometimes people get prosecuted for simply editing a URL to get to things that may not be intended, and writing small scripts like that simply increment the number.
The courts haven't yet figured out whether it's actually a crime.
The courts haven't yet figured out whether it's actually a crime.
27/ Intentional "unauthorized" access is crime.
But if they put something on a website publicly accessible with no password, is it "unauthorized" for the public to access it?
Or maybe it's only authorized if average users can access it, but not if it requires techies w/ a script?
But if they put something on a website publicly accessible with no password, is it "unauthorized" for the public to access it?
Or maybe it's only authorized if average users can access it, but not if it requires techies w/ a script?
28/ Uh, I just now logged into that wallet they created for me -- and the NFT isn't there.
The NFT was assigned to the wallet: 0x04Ceb...f9786
The wallet they created for me is: 0x7b59...f58f8
So I don't actually have the NFT I supposedly own.
The NFT was assigned to the wallet: 0x04Ceb...f9786
The wallet they created for me is: 0x7b59...f58f8
So I don't actually have the NFT I supposedly own.
29/ This could only happen paying with a credit card, something failed in the backend creating the virtual wallet. Had I used a real crypto wallet, this probably wouldn't have occurred.
They do have support, so I entered something. But they have no trouble ticketing system.
They do have support, so I entered something. But they have no trouble ticketing system.
30/ Ok, solved (thanks @mvaneerde).
1. go to app.openlogin.com
2. "View Authorized Apps"
3. Click on that tiny blue download button in the bottom right
4. this downloads the PRIVATE ethereum key
1. go to app.openlogin.com
2. "View Authorized Apps"
3. Click on that tiny blue download button in the bottom right
4. this downloads the PRIVATE ethereum key
31/ Next, using any wallet, import the key. I'm just going to use the online wallet they gave me. Click on the settings thingy in the upper right and "Import Account", and paste that private ethereum key.
Then you'll see it's found your "Collectibles" on the blockchain:
Then you'll see it's found your "Collectibles" on the blockchain:
32/ This Torus Wallet doesn't allow me to do anything with it other than transfer. But the NFT is on the blockchain. I could in theory import the Ethereum private key into any wallet. In practice, they don't make it easy.
33/ So what if you want to sell it? The easiest way is probably just using opensea.io. Go to the website and hook it up with your tor.us wallet above. Just go to OpenSea, even without creating an account, go to "profile" and connect to Torus.
34/ After going through the authentication, you can now click on your NFT and sell it. There are already offers for it. I can just accept this offer and it's sold, getting Ethereum deposited into my account.
35/ I think these offers are purely within OpenSea (not on the blockchain). Let's accept one and see what happens.
36/ The problem is that OpenSea needs some funds (a tiny amount) to complete the transactions. Every transaction on the blockchain costs coins. So it needs a small amount to start the transaction.
So I have to add like $5 to my wallet.
So I have to add like $5 to my wallet.
37/ I'm struggling through the various providers. They don't seem to want to accept my anonymous debit cards.
38/ I backed and tried the transaction again from scratch. (It's not logical it should cost ETHER). I keep bouncing from between OpenSea and the Torus wallet telling them it's confirmed/authorized, with both of them popping up errors that I ignore.
39/ I've got all these windows open trying to get this thing authorized. I'm not sure exactly what was going on between Torus and OpenSea. I'm sure it means something can get hacked in there.
40/ I could complete the transaction because somehow Torus dropped $5 worth of the MATIC (meaning Polygon sidechain) token into my account. I have to figure out where that came from and why. I couldn't actually buy any with my debit cards.
41/ But anyway, a person named "lululemons" is now the proud owner of the NFT I bought.
42/ Anyone can see the transaction on the Polygon sidechain:
43/ Using some tool to explore the blockchain, you'll see this data. You can see the small transactions for the various contracts involved, plus the $42 worth of Ether transfered to me.
polygonscan.com/tx/0xb9b3398f0…
polygonscan.com/tx/0xb9b3398f0…
44/ And and separate part of the transaction is the NFT going the other way to the buyer, at the bottom of this screenshot.
45/ The various transaction fees involve paying contracts. Using my private key (using Torus), I've told my NFT to allow a specific OpenSea contract to trade the token. That contract in turn works with the buyer's tokens, because the buyer authorized.
46/ That OpenSea contract then does the swap on the blockchain. Note that it's the OpenSea contract that does the exchange, completely decentralized. It's a contract that some time in the past that OpenSea posted to the blockchain.
47/ Anybody can use that same OpenSea contract to swap NFT tokens for Ether tokens. Even if OpenSea disappears, we can still use that contract, becuse it's still on the blockchain. However, I suspect part of the rules in the OpenSea contract is to send them a fee.
48/ Annoyingly, the Torus wallet shows my account balance hasn't changed. But, using a blockchain explorer, I do see that I've got the $36 of Ether at my blockchain address.
49/ I apologize for being confused: I know the theory, but don't have much experience with practice, because NFTs are scams so I've avoided the whole thing :-).
50/ But the key thing from this thread is that I've successfully bought AND sold a Trump NFT. It's not simply watching the process of getting an NFT, but also the process of getting rid of it. It's cost me about $70 :-)
So here's a great thread on where some of the artwork came from.
https://twitter.com/mattsheffield/status/1603642894224543744
52/ Blame these people for this thread, btw. They make me do bad things.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
