Bitcoin Forum

Hello,

As some of you may have noticed, there was a bit of a mess on the forums last night. In a thread last night, we released customer information in attempts to publicly shame (https://bitcointalk.org/index.php?topic=131574.0) a scammer.

The community has been outraged at this invasion of privacy.

On behalf of the Bitcoin Store, I would like to apologize.

First, to Nikolaos (Nethead), I apologize for the fumbled, and crude, handling of this situation. Everyone involved at the Bitcoin Store is a hardcore believer in Bitcoin. What some of us saw, true or not, is that someone was attempting to harm his store, and because the store's sole purpose is to promote Bitcoin, we saw this harm as an assault on Bitcoin itself. Our actions were irrational and unprofessional. We handled the situation poorly. I'm sorry.

I was reading through the threads and noticed this:


Please don't leave Nethead. Scammer or not, Bitcoin needs people like you just as much as Bitcoin needs businesses like ours. We're sorry for this mess up, don't let it spoil Bitcoin for you.

Second, to the rest of the Bitcoin community. Today you got to see that everyone is indeed fallible. We apologize for these mistakes. You have trusted us with your business and today we failed to act in the utmost care required by that trust. I would say that everyone has their off days, but we're not going to make excuses. We screwed up, we'll work to make this right with everyone.

We have taken the following steps to stop this from ever occurring again:

• Blockchain.info admin privileges have been revoked for everyone except Ben who has hidden the secret phrase from the admin panel: https://bitcointalk.org/index.php?topic=131608.msg1409489#msg1409489
• Customer information has been removed, https://bitcointalk.org/index.php?topic=131574.msg1408898#msg1408898
• We are currently reviewing our privacy policy. What we did today was excessive. I do not want customers fearing the use of their private data.

Please reply with any further suggestions you have for us.

Thank you,
-Jon

Fuck off.... NEVER BUY on this store, or give your money to ANY project ROGER VER is involved with. These include:

BLOCKCHAIN.INFO
BITINSTANT LLC
MEMORY DEALERS
BITCOIN STORE

ROGER VER and the thugs at bitcoinstore decided it was a good idea to abuse their admin priviledge at blockchain.info (that he should have never had by the way) to exhort a customer of them for some change owed.

Here is the full thread on the extorsion. READ CAREFULLY:

https://bitcointalk.org/index.php?topic=131574.60

I am taking this as a ringing endorsement btw.  People who work hard on creating the BTC economy, ROGER VER included, will be rewarded and their works live on.

Thieves, scammers, and nobodies will rage and cry in posts like yours.

We're no thugs.

Roger used his admin privileges, which have been revoked. It was a mistake.

We're apologizing and want to work to make this sit right with the community.

Thank you.

Oh, come on...

I was restraining myself from posting in this late drama since it was too much "storm in a glass of water" to my taste, but this abandon of self-respect here is not necessary.

No, Bitcoin does not need dishonest people. Actually, nothing does. Assuming the guy is really refusing to refund the mistaken transaction (what really seems to be the case), he's dishonest and we are better off if he just disappears.

It's okay and admirable to recognize your own mistakes. I just don't think they were that serious to justify all this drama... publicly posting the individual's personal details might have been unappropriated... But he shouldn't have lied and kept your money either. There were mistakes from both sides, but Roger's mistakes were certainly less serious, from a moral/ethical perspective at least.

You don't need to lower your head that much. Unless I'm wrong about something, that individual own more apologies to you that you own to him. You're falling at "troll baits" here and humiliating yourself.

What is done, it's done. Just hope you learn with this mistake.
Long life to Bitcoin. We're all in the same boat

Like I said, holding everything else aside, the point of this store is to promote Bitcoin and introduce more people both to Bitcoin itself, and the savings and benefits it can bring.

Dishonest or not, we should not be pushing anyone away from Bitcoin.

It was a mess from the start and admitting that our side was wrong is one of the few ways to move on.

I doubt Nethead will apologize. I don't know if he has to, in any case, we screwed up, and we're apologizing for that fact.

Great to see this response and look forward to seeing the more explicit privacy policy.

Thank you.  Roger never should have abused his admin access as an employee at blockchain.info, but once he did and was called out on it, an immediate response like the one you just posted would have headed off a lot of the "uproar".

Roger's failure to acknowledge his own wrongdoing (as well as blockchain.info's failure to consider the possible conflict of interest in giving Roger admin access in the first place)  dragged this out far more than it ever needed to be.

Clearly NetHead was wrong in his decision not to return money that wasn't rightfully his.  I think most of us recognized this from the beginning, but a business is held to a high standard. We give the business our personal information and trust them to engage in honest and trustworthy transactions.  The fact that I can't trust some random guy named NetHead does not surprise or bother me. The fact that my trust has eroded in what was otherwise a great business does surprise and bother me.  I'm glad to hear that actions are being taken to address the situation, and I'm glad to see that you are not trying to claim that there was no wrongdoing on Roger's part.  This goes a long way toward rebuilding trust.  Unfortunately it is a lot easier to damage one's reputation than to rebuild it.

You should treat the disclosure of personal information like capital punishment--to be reserved for only the greatest of offences and only when you are absolutely certain of the party's guilt.  There are several lessons the community can learn from this: 1) trust your personal information with no one, 2) use Tor all the time, and 3) remember that Bitcoin payments are irreversible and be ready to accept the consequences if you send a payment in error.

I'd like to see the logged IP addresses at blockchain.info hashed with a secret key so that they aren't just stored plaintext in the databse, but could still be validated for locking by ip or password lookup.

The greatest part of this is that we have had a (relatively) quick and precise response to the situation once people got out of the heat of the moment.

I think we can all agree that paypal, ebay, or anything similar would have done the same.  I think one of the goals of BTC was to give power to the people and take it out of the hands of giant conglomerates.  This is an example of BTC's success.

No, Bitcoin doesn't need to have dishonest people as part of the community, but if the Bitcoin businesses want to promote Bitcoin then there needs to be professionalism, honesty, and trust - even when dealing with scammers.  This scammer wasn't even really a scammer or a troll - just some coward who didn't do the right thing and return the Bitcoins.  The problem with the original response is that it turned some dishonest Bitcoiner into an active agent against Bitcoin with a personal vendetta - which the Bitcoin community needs even less.

Even if the scammer doesn't deserve it, the apology is a classy thing to do and shows that the BitcoinStore is willing to make things right if they've done wrong - the kind of thing an online retail business should do.

Thank you for sounding your concerns in other threads as well as this post.

We all had some misjudgments this last day. I assure you, nothing of this sort will happen again under my watch. There is a LOT of inbreeding that goes on in Bitcoin companies, unfortunately due to the market size, it is inevitable. We've cut any conflict of interest that could arise from Blockchain access, so that issue is pretty much solved.

The bigger issue as you indeed pointed out is rebuilding our reputation in the eyes of the community. Hopefully we can reprove our trustworthiness this January as we publicly launch the store. I'm glad that we got this first hurdle out of the way though, every business is tried is some way, we've discovered some internal weaknesses that we're moving quickly to correct.

Thank you,
-Jon

With a name like Nikolaos I guess he's Greek. It's unbelievable how tight things are for regular people there right now. I feel so sorry for them, their entire country has been taken for a ride ever since WW2.

And somebody just puts a large sum on his account just like that. (didn't get how much it was) When he probably needs it the most. It's understandable that he got tempted. Sure he might have to explain that in heaven one day but for goodness sake this vendor should have been more careful and the naming and shaming was disgraceful regardless.

Well I'm a newbie and I cerainly will not be using blockchain.info
I see that Danny Hamilton who recommended it to me had second thoughts too.

As best I recall, it was a bit more than 4 BTC (somewhere around £36.90)

If we are to believe Roger from MemoryDealers.com, an employee accidentally gave out the wrong address to another customer to receive payment.  That other customer
then sent payment to the address provided (which happened to be an address that was actually under the control of Nikolaos).

Blockchain.info has addressed the situation quickly and appropriately.  They were not the ones who did the naming and shaming (That was Roger from MemoryDealer.com who happened at that time to also be employed at blockchain.info).  blockchain.info removed his employee access to personal information as soon as the issue was pointed out to them.  Furthermore, no blockchain.info bitcoins were ever at risk in this event. At this point I do not see a reason to avoid using blockchain.info.

It was a small amount, with mistakes on both sides.

At this point Blockchain.info is entirely removed from this situation.

We're doing our best to regain trust at Bitcoin Store, please do not discount us solely on this mishandling.

Thank you,
-Jon

Talk is cheap, I think the real victim is the person who's privacy was invaded.  That person should be given compensation for this cheap attack and it should be more than 4 BTC.

It's clear that you haven't run or owned a business. Otherwise, you wouldn't be so cavalier about rewarding criminals and thieves.

If you ask me, (that nobody has), this is all a bit of a storm in a teacup.

Overall I think that it is good for the community if dishonest people get outed.
(and not repaying a mistaken payment is dishonest and shows poor character).

I would be glad to know to avoid such a person in future business dealings.

Edit: Spelling

I agree.  It is also good that flaws in some of the BTC businesses here were recognized and repaired. 

What isn't good are the people still flailing around looking for attention because they have some imaginary axe to grind.

No, he shouldn't.

Thanks for the public apology Jon.  My faith in your business never wavered because of this incident (I know that we're all only human), but it is still good to hear an official statement that this sort of thing will not happen again.

:D

Can we label shad0wbitz and stochastic "Public Flailers"?  :D

It is not a scam if someone gives extra money as a refund.  When you click send on the bitcoin client you are confirming the sending of that amount.  The person that receives that amount is under no obligation to return that money.  The user signed up for nonreversible payments when they used bitcoin.  They also agreed that the owner of that bitcoin address is the new owner of the amount of bitcoins sent to them.

In fact an investor of blockchain.info violated its terms of service.  If I violate the terms of service of a service I use then I may lose my account or have to pay a fine.  If an company breaks its own terms of service of its account and and released that information to a third party then that business needs to pay a fine to the customer that was harmed.

Below sums up the problem very well.


If I had a business where I let an employee or investor have access to the company car, and that person drove over a customer; my business that allowed the employee/investor use that car would need to pay retribution to the customer.  Me telling that customer that I took away the employee's keys is not enough.

Oh u, trolls.

If that customer took shots at you with a loaded gun, would you still need to pay retribution?

If nhead was completely innocent of any wrongdoing, I might feel differently, but given the scamming douche he is, I have little sympathy for him.  If he wishes to seek restitution, then that is his own prerogative.  It is not something that we can (or should) impose as a requirement for blockchain.info.

How am I flailing?  A company offers an apology to "the community" because of "The community has been outraged at this invasion of privacy."  The apology was not offered because of the invasion of privacy and the breaking of the terms of service of blockchain.info.  The apology is because "the community" is outraged.

I am saying talk is cheap.  I will believe someone is sorry if they are justly punished for the breaking of terms of service and the violation of a customers privacy.

I am not saying blockchain.info has to give back money.  I am only saying, I don't accept the apology.  A worded apology is not worth much to me.  Put your $$ where your mouth is.  The company violated its own terms of service.  If the company wants its customers to not violate its terms of service in the future then they need to show that the company will take a financial hit to show that the are sincere.

I understand, as a business owner, sometimes it's difficult to accept that someone stole from you, and
your principles won't let you give it up so easily, even go as far as letting your principles cloud your
judgement. But really you have to accept the loss, learn from the mistake and move on, it's just part of
the cost of doing business. In a sense, it's a valuable lesson, to learn how to prevent the same thing
happening in the future, how to improve your processes.

So, pay a fine?  To whom?  How much?

Was it ever established that nethead was lying?

Let me remind you:


That bolded part seems to invalidate the only 'proof' of his fault we ever had.

Not *really*. According to Roger - his company gave his address as a payment address to an another customer.

Can't really verify it's Rogers's word vs Nethead's at this point. And Roger already provided false information by claiming that BitPay sent funds to that address.

If that customer can prove that he sent the monies to that address then nethead is lying.

I missed it.

Cliffs anyone?

FTFY

You're "flailing" and whining because you obviously haven't even spent 15 bloody seconds thinking about what you're saying. There are steps being enacted as outlined in the flippin' OP. You want them to pay a guy who has already stolen from them, we get it, but that ain't gonna happen. Not because "talk is cheap" but because that is an ugly and reprehensible thing to do. Especially since the only people who want the guy to get EXTRA money are the thieves and flailers.  

There seems to be no contradiction between Roger's and Nethead's statements. Roger says their customer sent bitcoins to the Nethead's address. Nethead says that his address was was the anonymiser address for one-time use only, which makes the additional funds sent inaccessible. There is no refutation of that as far as I can tell.

I haven't looked into it, but Roger claimed that address belonged to Nethead's wallet. What he claimed: the address wasn't one time use.

Yes, which is why I've brought up this facts, which invalidates the Roger's evidence:

Oh please people. I'm admittedly the first one who will get on anyone's case again and again and again relentlessly,
but PLEASE; this time Roger found someone who understood where the problem is, acknowledged it and confirmed how
it will not happen again. What else do you need? Roger Ver is in contrast to all rumours not actually able to redefine
linear time, so what happened, happened, and now a solution has to be found. While Roger was unable to express it due to
god-complex issues, Jon did it. And he did it fine. He did it as you would expect it from any other business unable to effect
linear time.

After piuk's very quick and necessary changes I think we're in the clear here.

Disclaimer: This is in no way a recommendation to use Roger's services; his willingness to break social compacts became clear
enough, but I don't think it is necessary to further harp on things that can no longer be changed due to them having been
happened and the responsible parties acknowleded that things did not go as they should via third person.

I'm curious about whether Roger has any special access to the user records of other businesses in which he's an investor, such as BitInstant and Coinlab.  As mentioned earlier, there's a lot of "inbreeding" in the Bitcoin economy and the relationships between business owners and other entities in which they've invested really need to be clarified now that this issue has arisen.

Obviously we need the government to come in and regulate these people.

Obviously.   ::)

It's like there's a bunch of whiny 12 year old girls here, I swear... Roger made a mistake, and it's been owned up to.  If you don't like him, don't use his service.  Move on.

omg, what a PR mess for Roger's bitcoinstore. Going forward, it's important for Roger to ensure this type of issues do not happen in the future.

never a dull moment in the bitcoin world.

but the bitcoin world is sort of small right now, bitcoinstore, memorydealers, and the other associated businesses probably lost a LOT of customers in the past 24 hours.  and those customers won't spread the good word about their experiences.  it's like they say you do someone good and they might tell 3 people, but do someone bad and they will tell 10.  well you just told a forum with now >73,000 members (plus reddit and other communities) EXACTLY how you conduct business and it's frightening yet delightfully entertaining to watch from a distance.  I can't see this situation being good for you.

OP: probably shouldn't be linking directly to the 'please delete' thread if it is to be deleted and hidden from view.

I have about 100 other comments I want to make but I shall save face by keeping them to myself.

I also would like to know which accounts Rogers looked up on blockchain.info, who he was spying on.

[Wallet {email='zootreeves@gmail.com'
, guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2'
, shared_key='XXX-XXX-XXX-XXX'
, secret_phrase='My Secret'
, alias='piuk'
, created=Tue Jan 03 12:52:07 GMT 2012
, updated=Tue Dec 18 19:47:40 GMT 2012
, created_ip='81.187.238.52'
, updated_ip='127.0.0.1'
, sms_number='+44 7525431876'
, country='GBP'}
]

The "secret_phrase" is no longer available and lookup by address has been removed along with the hashing of bitcoin addresses:


Note, this is not the user's password.  It is a "secret phrase" used by support to identify you when you contact them looking for assistance with your account.

I worked at a business where theft was common, and I never understood this. Why? Why should businesses accept the losses and allow the thieves to continue? Is privately, and if needed publicly, shaming them so horrible? Are they supposed to be concerned about hurting the sensibilities or feelings of the person who is stealing from them? Is this some sort of a culturally agreed on thing, where the reputation of a thief or scammer is too precious compared to the well being of the victim? Why don't businesses just stop putting up with it and stop enabling it?

Roger said that the email address used on nethead's Bitcoinstore account matched the email address of the wallet containing the address the coins were sent to, tying nethead directly to it. Nethead claimed that the address in question was a one-time anonymizing address, but that would very likely be a lie, since Blockchain's anonymizer doesn't work like that. Anonymizing addresses receive coins, send them to the mixer, and the coins come out of the mixer into the rest of your wallet. These addresses are not "disposable," or meant to be used only once. It's your address. Maybe nethead deleted it, but I don't know what would happen in that case (coins lost forever? Address output still in database, so nethead still received the coins?) Maybe puik can explain the technical part of it. Also, on the page that lets you create an anonymous address, it specifically states, "Transactions received to anonymous addresses cannot be linked to your regular wallet." If that's true, Roger would not have been able to do an address lookup to get nethead's email. So, either nethead lied, or puik has some 'splaining to do.

lol this was awesome just pure awesomeness....

 To recap...

 - Customer pays for something on BitcoinStore
 - BitcoinStore request customer to pay some hidden fee
 - Customer wants refund
 - BitcoinStore refunds customer in full +4BTC (why? idk), and asks Customer to send back the extra 4BTC
 - Customer is pissed off for having BitcoinStore wast his time and refuses to give the 4BTC back
 - BitcoinStore publishes Customers sensitive information to EVERYONE on the internet

is this what happened?

Thank you, seems to be about correct.

No, nhead published the sensitive information, not BitcoinStore.  BitcoinStore only published it after nhead had already done so.

No.

More like this:

• Customer pays for something on BitcoinStore
• Customer requests BitcoinStore lie on Customs forms (against BitcoinStore policy)
• BitcoinStore offers choice of refund or truth on Customs forms
• Customer requests refund
• BitcoinStore refunds to address given by customer

At this point everything is fine so far. Then:

• In separate transaction Bitcoin accidentally has additional 4+ BTC sent to Customer
• BitcoinStore requests that Customer send back the extra 4+ BTC
• Customer decides he prefers to keep the BTC and lies saying the address receiving the 4+ BTC is not his
• BitcoinStore accesses proof that the address does belong to Customer and provides that proof only to the Customer
• Customer gets angry that this proof of his lie was available an publishes his own sensitive information to EVERYONE on the internet to let them know that BitcoinStore has access to this proof
• BitcoinStore's ability to access this proof is removed due to abuse of the access

Not at all.  It was NetHead (the customer) who published his own sensitive information publicly in the internet.  The only wrongdoing on the part of BitcoinStore was accessing the sensitive information in the first place to prove directly to the Customer only that they knew he owned the address that he was lying and stating he didn't own.  They should not have had access to this information, and they no longer do.  They only has access because Roger of MemoryDealers.com was also acting in the capacity of an employee of blockchain.info.  He mis-used the access that he had as a blockchain.info employee to assist in the bitcoinstore.com dispute.  Because of this he is no longer acting in an employee capacity at blockchain.info, and blockchain.info has reviewed and improved their security practices relating to personal information.

So then can we safely conclude they both were wrong. Both Roger and Nethead? Would this be fair?

thanks for the clarification.

I guess i would of done the same thing, prove to the guy i know hes lying to try and get the guy to send back the bitcoin...[/list]

fair

Yes, this has already been well established.  NetHead was wrong to request fraud on Customs forms, wrong to keep BTC that were accidentally sent to him, and wrong to lie about his ownership of the address that the coins were sent to.  Roger of MemoryDealers.com was wrong to abuse his employment at blockchain.info for the purposes of assisting himself in his transaction with BitcoinStore.

Because of this, Roger has been publicly chastised, and has lost his access to any information at blockchain.info, BitcoinStore has apologized for the incident, and both blockchain.info and BitcoinStore have improved their business practices.

Meanwhile, NetHead has published his own personal information and continues to keep the BTC that were accidentally sent to him.

That's what I know:

• Customer pays for something on BitcoinStore
• Customer requests BitcoinStore lie on Customs forms (against BitcoinStore policy)
• BitcoinStore offers choice of refund or truth on Customs forms
• Customer requests refund
• BitcoinStore refunds to address given by customer
• In separate transaction Bitcoin accidentally has additional 4+ BTC sent to Customer
• BitcoinStore requests that Customer send back the extra 4+ BTC
• Customer claims the address receiving the 4+ BTC is not his
• BitcoinStore accesses proof that the address does belong to Customer and provides that proof only to the Customer
• Customer insists he does not receive the 4+ BTC
• BitcoinStore publishes customer's contact details here https://bitcointalk.org/index.php?topic=131574.0 (now removed)
• Customer publishes his own sensitive information to EVERYONE on the internet to let them know that BitcoinStore has access to this proof
• BitcoinStore's ability to access this proof is removed due to abuse of the access

[/list]

In someways this was helpful event. Ironic but true.


He never gave them back?  :o

this community's ability to self regulate is really quite remarkably  :)  

Nope.

lol

Except for that whole fraud thing.

Man, that is kind of dickish.  Btw: Isn't Roger the guy who lost 25,000 coins to some exchange hack? Maybe, its a bitterness carry over?

Even if accessing that information is an abuse of your position as an employe of another business?

Think of it this way.

You work as a bank teller at your local bank.

At a garage sale you are running at home, someone gives you a sob story about how little money they have, so you cut them a break on a price.

Later when you are at work, you look up their account and discover they have more money than they had claimed.

You call them on it and ask for the full price of the item you sold them.

They call the bank and complain that their private account information was used against them in a transaction.

If I am the bank manager and you work for me, I can assure you I would fire you immediately for mis-use/abuse of company resources.

Really?  Josh is an investor in the new company which runs Bitcoin Magazine.  Would you be fine with him him having access to BM's user records and using that information if there was a dispute with a BFL customer who received an overpayment on a refund?

Shit's fair game when you do something like that, IMHO.

And actually, I'd agree with you, but only on the condition that the privacy statement explicitly states that your personal information will be used against you if the company has a reasonable belief that you are attempting to scam or defraud someone.  You can't have a privacy statement that claims that ALL users personal information will be kept private, and also release that information when you believe that someone is engaging in fraud.  That is fraud in and of itself.

Well then let's just have all Bitcoin organisations share their user information and make it public whenever they feel they've been wronged.  We could start with a list of people who had negative balances on Bitcoinica, everyone who's ever tried to defraud MtGox, and people who didn't return Nefario's overpayments.


The privacy statement would need to state that your private information can be released to other companies and made public by them -remember it was blockchaininfo's user information, not BitcoinStore's own information, which was made public - the user information of a different company than that which had the dispute with its own customer.  Kind of ironic given how much people worry about the possibility of Bitcoin businesses releasing user information to the authorities without a warrant.

FTFY

Thanks but it wasn't broken.

I explained the specific action that both the customer and BitcoinStore took in the events you claim to have fixed, and left it up to the reader to know that lying on customs forms is illegal fraud and that offering a refund or truth on customs forms was a polite thing to do.

I think that was Bruce Wagner, to MyBitcoin, and he supposedly got 50% to 100% of that back.

Roger lost some coins also I'll find the article and edit it here.

Update: https://bitcointalk.org/index.php?topic=67199.msg1100049#msg1100049     Basically, there in regards to BITCOINICA hack.

Eventually, someone like Roger is going to leave Bitcoin at some point.

Yes, but with the remark that Nethead was actually holding something that belong to others (theft), while Roger's mistake was simply to act on impulse and publish the liar's personal details publicly - and honestly, I'm tempted to think like Rassah here and ask "What's the fucking problem in that? Should we really be that passive and let thiefs always get away, cleanly, without even some public shaming?"

I understand where your coming from. I would lean more so Nethead being the idiot here since he's pretty much a unknown to the community and still hasn't returned the coins despite everything. So I hear where your coming from.

No, blockchain.info data was not made public by Roger, it was the Nethead himself who did it.
The information Roger made public was provided to Bitcoinstore.

This is absolutely wrong and ethically reprehensible.  You should treat your customer's private information as your greatest secret and carry it to your grave.  This goes for any business, Bitcoin or not.

*bump* http://www.bitcoinstore.com/privacy-policy-cookie-restriction-mode

By the way, general question, but don't want to go OT here, so https://bitcointalk.org/index.php?topic=131745.0

No problem with it at all, as long as your company's privacy policy indicates that personal information will be used in this way.  On the other hand if you make an explicit commitment to your customers that their personal information will not be shared with a third party for any reason except as demanded by law enforcement, then violation of that commitment is a big problem.  If you are going to act in that way, why bother lying to your customers with a privacy policy at all?

agree with the sentiment against rodger, even if i really appreciate his efforts in the bitcoin world.

protect your customer data, even if they are assholes, or lose the trust of potential customers.

i won't be shopping at bitcoinstore now, as much as i really was looking forward to for my next computer purchases.

Pretty much every real world company I deal with explicitly says that they will share information with credit reporting agencies if you don't pay them, as well as with the authorities if presented with a valid request.  Some also state that they will share information with other companies within the same group (often you can opt out of that as it's usually a marketing thing).

The point is that they explicitly state the circumstances under which information will be shared and with whom.  If Bitcoin businesses are going to share information with each other, they need to explicitly state that in their terms of service and privacy policies.  They also need to be very mindful of the types of data which they can legally share and what records need to be kept in terms of data-sharing.

Breaking the nose of someone and running is normally criminal. But if you're breaking the nose of someone and running to avoid a flash kidnapping, that's perfectly justifiable.
Disrespecting a contract is normally criminal. Disrespecting a contract to avoid the other party to steal from you is normally justifiable (unless of course the breach of contract implies you taking much more from the other party than what this party is taking from you, i.e., disproportional reaction).

The main mistake of Roger here was being too impulsive. Perhaps the customer was innocent. So maybe the best action on Roger's part was to only act after some mediation decided he's right - he had the time to do so anyway. On the other hand, professional mediation would likely cost much more than 5BTC. And he was convinced the guy was a liar. If he's really correct, his actions would be justifiable in comparison to the actions of Nethead.

Anyway, it wouldn't hurt to state what you say in the TOS - that they have the right to break their contract with you if you steal from them is something that's ethically deductible anyway, explicitly stating it would help making it clearer.

The issue in this event was that nobody was stealing from blockchain.info.  blockchain.info was not due any funds.  Roger, acting in an employee capacity at blockchain.info abused his access to their database to violate blockchain.info's privacy policy so as to gain leverage in a dispute between BitcoinStore.com and a BitcoinStore.com customer.

If Roger had violated BitcoinStore.com's privacy policy and publicly used personal information stored by BitcoinStore.com in an attempt to resolve what he believed to be a fraudulent action, it would have been less severe (I still hold that it would have been wrong of him, but not as bad as what he did).  Instead, information that only blockchain.info was supposed to have was revealed to BitcoinStore.com to assist them in their investigation and their attempt to determine whether fraud had even occured.

Are you arguing that I should be able to contact blockchain.info and ask them for a list of all bitcoin addresses associated with your email address or phone number so I can check and see if you have engaged in fraud with me?  Even if it violates blockchain.info's privacy policy?

How is blockchain.info supposed to know if I have a valid fraud claim against you or am just fishing for information I can use to blackmail you?

This is mostly true. I would like to add that what Roger published in this forum initially was information from its own site, and not blockchain.info's information. The blockchain.info's information was merely used as proof for nethead/bitbitman when he replied rudely and denied that the address was the anonymizer's address. It was published by nethead himself.

In fact, apart from Roger accessing the blockchain.info to verify that nethead's address wasn't an anonymizer address and he indeed holds the privatekeys to it, I don't really see what was wrong in his situation.
Even bitcoinstore's privacy policy does have a clause pertaining to this situation.
[/list]

Agreed.  The error in judgement that Roger made was to access the records of blockchain.info to gain leverage in a dispute between BitcoinStore and a BitcoinStore customer.  Had he not done this (or had the customer returned the funds that were accidentally sent to him), then none of this discussion would ever have occurred, Roger's reputation would still be intact, and Roger would still have access to the Admin Panel of blockchain.info to assist Piuk with customer support.

You're talking about abstractions, while what matters are the actions of actual individuals.


I'm not arguing you should have such power no matter what.
I'm arguing that, if you happen to have - for example, because you happen to be an admin there - and you break your contract against me because you believe I'm violating your rights, then a few outcomes are possible after a "proper trial':

• I'm proved guilty of violating your rights. I took more from you than you took from me. Conclusion: I still owe you.
• I'm proved guilty of violating your rights, but it's decided that you ended up taking more from me than I took from you. Conclusion: You owe me in proportion.
• I'm proved innocent of violating your rights. Conclusion: you aggressed me and has a full criminal debt towards me, proportional to the actions you took against me.

That's what I'm arguing.
Rothbard explains it well in one of his texts, it was a text about police raids and searching for criminals. I searched it to link here but couldn't find it.


I don't know how this abstract entity is supposed to know this. But that's not the point. I'm not arguing they should give everybody the ability to demand people's data like that.

Ok, so lets look at the actions of the actual entities involved in this dispute.


There were 3 entities involved in this transaction (keep in mind that the BitcoinStore customer did not take anything from Roger.  If he was guilty, then he was guilty of keeping something that belonged to BitcoinStore.com, not Roger).

Entity 1: NetHead
Entity 2: BitcoinStore
Entity 3: Blockchain.info

In no way did NetHead violate the rights of blockchain.info.  blockchain.info has a privacy policy that states that they will not reveal personal information to third parties.  NetHead might have violated the rights of BitcoinStore.  Under what circumstances was it ok for an employee at blockchain.info to provide personal information to an employee at BitcoinStore?



And yet that is exactly what they did.  They gave Roger from BitcoinStore the ability to demand people's data exactly like that, and he used that ability against the privacy policy of blockchain.info.

They have since addressed this issue, and they didn't know when they gave Roger this ability that he'd actually use it, but that doesn't make Roger's actions acting as an employee of blockchain.info any less wrong.

No.  Breaching a contract is usually a civil matter with civil remedies available.  Theft is a criminal matter with criminal law remedies available - thus Roger would have every right to disclose all of the information his business held on the customer to law enforcement or to seek recovery of the overpayment through civil action if he chose that path.  The issues here are both the obtaining of information from a third party as well as the disclosure of information held by the business involved.  NetHead violating the ToS of BitcoinStore (if you hold that's what he did) did not justify the violation of Blockchain.info's privacy policy.  They are separate entities and the fact that Roger is involved in both of them is irrelevant.

We need to remember that there's a significant amount of cross-ownership of Bitcoin entities and this is a situation which could easily arise again unless all Bitcoin services take appropriate measures to protect user data from being shared with other Bitcoin businesses which may have common employees/investors or they explicitly advise their users that they will share that data with other businesses.

Please cut the drama because the guy is Greek. The tv news are getting in your brains and this shit with the Greek situation (problem way exaggerated) has to end sometime, so no reason you feel sorry.

All this waste-of-time thread has nothing to do with the guy's nationality, btw this mess was about 4 btc (four!)

Agreed, Roger damaged his own reputation, the reputation of MemoryDealers.com, the reputation of BitcoinStore, and the reputation of blockchain.info all over 4 BTC.  Seems ridiculous when you look at it that way.

Clearly NetHead was wrong in his actions, and by returning the 4 BTC could have prevented all of this, but that doesn't justify the damage that Roger did over that same 4 BTC.

It's almost as if you didn't read the first phrase of mine you quoted.

Blockchain.info and BitcoinStore are just abstractions. They don't actually have any rights, they don't exist ethically. Only individuals have rights, and when under contract, obligations. Contracts may allow the creation of these abstractions, but in the end, there are always individuals behind them.

There were two individuals in this dispute: Nethead and Roger. It's their actions that count.


Roger owns part of Bitcoinchain.info AFAIK, he's not some random dude that asked for data and got it.
As an owner of Blockchain.info, he's probably bound by this privacy policy. I'm not sure if he did really broke it, as he didn't release blockchain.info data publicly, but that's irrelevant as I explained before - if he did broke the contract he had with Neathead as owner of Blockchain.info, such breach of contract is eclipsed by the fact that Nethead took part of Roger's property.

Now, if Roger also broke a contract he had with the other owners of Blockchain.info by gathering this data the way he did, that's another matter between them, irrelevant in what concerns Nethead.


They're much less wrong than Nethead's actions and therefore are forgivable.
His relations with the other owners of blockchain.info and his privileges in their application is a totally separate matter.


When I say "crime" I mean any violation of an individuals right, be it a slap in the face or murder - contract breaching is within.
These distinctions you mention are just administrative distinctions, separating different courts to rule over different issues.

Perhaps the word "crime" in English is not appropriate to describe every violation of somebody's rights. In my language it is fine enough. In French I know that it's not - the word crime is restricted to some serious offenses. Anyway, if that's the case, it's just semantics. Find an English word good enough to describe any violation of somebody's right and replace it whenever I said crime or criminal before.

Sorry, I misunderstood the part where you were calling "companies" "abstractions" without rights, responsibilities, or obligations.

I see now what you are saying.  I disagree with you completely, but since our realities don't overlap we will not be able to come to an agreement on this matter.  Others who agree with you that contracts, rights, and obligations only apply to actual individual people and not to companies, and in that case you can all probably find a way to accept Roger's actions as justified and ethical.

In my reality, among the people like me who believe that contracts, rights, and obligations apply to companies, it is clear that Roger acted in a manner that damaged his reputation and the reputation of the businesses he is involved in.

Let me try to make it clearer:

- Nethead took Roger property.
- Roger had a previous contract with Nethead via blockchain.info, in which Nethead had provided data which Roger was supposed to keep private.
- Roger used the data he had on Nethead due to this other contract in private to demonstrate to Nethead how he know he had Roger's money and his excuse was a lie. I highly doubt that this would be a violation of the contract mentioned above since the data was not made public by Roger.
- Roger's actions might have represented a breach of the contract he had with the other owners of Blockchain.info. But that's a problem between them, irrelevant to Nethead.

Companies are just "shared property", nothing more.
You may have a contract with a company, the same way you may rent a house that belongs to a married couple. Saying you have a contract with such shared properties is the equivalent of saying you have a contract with each of the owners of the said share property, proportionally.

I don't see how it could be any different, ethically speaking.

And btw, there's only one reality. ;)

Given this understanding of how contracts and ethics works, I'm curious how you resolve following...

The blockchain.info company has a single owner named Piuk.
I enter into a business relationship with blockchain.info (Piuk) and the terms of the contract assure me that the personal information I provide to blockchain.info (Piuk) "will not be shared with any other third party or advertisers."
Later, without informing me, Piuk sells a 25% stake in his company to another individual named Roger.

Who is my contract with?  I never intended to enter into a contract directly with Roger.  I never agreed to do so. I am not willing to allow Roger to use my personal information for any purpose unless it is specifically for meeting the obligations that Piuk and I agreed to for the service he and I call blockchain.info.

So, am I unknowingly and without my permission forced into a contract with the individual of Roger, and forced to allow him to use my personal information for his own purposes as long as he doesn't share that information with anyone else?

That's that I thought, but it appears I was mistaken.

Errrm, yes they are (https://blockchain.info/wallet/send-anonymously). "Each anonymous transaction creates an entry in a forwarding or routing table which is used to track the final destination address and the value of the transaction. After 6 confirmations (~1 hour) the entry is permanently removed from database leaving no connection between the input and output address. Unused forwarding entries are removed after 8 hours."

So if it was a blockchain.info anonymizing address, any transactions more than about an hour after the first one wouldn't have been forwarded to the receipient. And yes, you can add addresses given out by the anonymizing service to your blockchain.info wallet as watching-only addresses if you want to be notified when someone sends money to them or do taint analysis on them.

If the privacy policy was violated, it really doesn't matter whether the information was made public.  The fact that it Blockchaininfo's data was accessed and used by a third party (and BitcoinStore is a third party, regardless of Roger's involvement in both ventures) at all is the problem.  Either every other Bitcoin business should be able to access Blockchain info's user data or no other Bitcoin business should be able to access it.  People would be howling blue murder if MtGox decided to start giving out information on it's users to other Bitcoin businesses and rightly so.  People would also be very pissed off if every time they owed a company money in the real world that company could get access to the records of other businesses of which they were a customer.

Personally, I'm glad that Roger did chose to make this public and that Nethead responded publicly because if this matter had been kept private no-one would have been aware of the inappropriate sharing of information.  While Blockchaininfo and Bitcoinstore have addressed this, we have no idea  whether other Bitcoin businesses are also sharing user data without the knowledge of their users.

Apart from making the circumstances under which they'll share information with other businesses very clear in their user agreements, perhaps Bitcoin businesses also need to make clear to their employees and investors what constitutes appropriate use of any personal user information to which they have access.

Relevant parts bolded. In blockchain.info you can create an anonymous receiving address, which, when receiving money, automatically sends it through the mixer using "anonymous transactions," and after a while, the money ends up in your personal wallet (someone else's coins, but of the same amount). As far as I know, that anonymous receiving address is yours, and stays there, ready to receive more coins to send through the "anonymous transactions" process until you manually delete it. Am I wrong?  Does that address disappear the first time it receives any coins?

We won't be sharing any more customer data. (Unless demanded by law enforcement).

After this whole debacle I don't think we'll be attempting to publicly shame anyone else.

Note that, as far as I'm concerned, public shaming was never the issue here.  I understand that some people were offended by the idea of public shaming, and others didn't feel it went far enough, but that is all a matter of opinion and not a real problem.  The real issue here was the existence of a privacy policy that explicitly stated that personal information would be used in a particular way, and then actions that violated that policy.  This is not a matter of opinion.  It is a fact that the policy existed, and a fact that the policy was violated.

If a company intends to engage in public shaming as a countermeasure to fraud and theft, I'm not against that at all.  They just need to make sure that their privacy policy indicates that the information will be used in that way.  If a company wants to assist other companies in identifying those who engage in fraud and theft, I'm not against that either.  Again, they just need to make sure that their privacy policy indicates that the information will be used in that way.

If a company changes/updates their privacy statement, they really ought to make sure that it is easy for all their existing customers to be aware of that fact.  It would be cowardly and deceptive to try and silently modify a privacy policy that has already been in place for an extended period of time.

I see that MemoryDealers.com has a policy that is vague enough to possibly allow them to use their customer's personal information to enforce compliance (through shaming?) and protect themselves:

http://memorydealers.com/terms-and-privacy/


Furthermore, while you state here that you will not engage in public shaming anymore, the BitcoinStore.com privacy policy states otherwise:

http://www.bitcoinstore.com/privacy-policy-cookie-restriction-mode

He got his money back after all this happened(there was only one thread, and that locked when he recieved the payment, but im not really sure on that, anyway it was at about that time), after admiting it was his fault, and after i had no serious reason to give them back to him. NOW he sends me a pm telling me that:


My reply:


And his final reply here:



Is this real world? What the fuck did i did to deserve this fucking thing, even after paying him back, which i did because i wanted to (ok, also wanted my info to be removed)
NOW he threatens to put it back? REALLY?

If one has to apologize for anything, is a thing that he will do alone, noone has to tell him to do so (to promote others bussiness)
After all you have to recover my reputation, not me yours.

WTF YOU GUYS

What i posted is my blockchain info, NOT MY DOX which HE DID

LOL, i agree with that man. I stole that bitcoins with a gun to buy food.
ITT guided ppl
(feel sorry for yourself my friend, and please close that tv over there)

UPDATE #2: After my last posts he contacted me that "we are done, and to not send him another message", which i replied that he HAS to remove any info and as an extra i added that i will remove all my posts regarding this. Sounds fair? He didnt reply, and prob wont. Police and lawyer have been alert, for the sake of my security. (offline police... not for whats happening here) Pictures from his tweeter(freely available), some of the pm's i got and some screenshots of what has already happened got mailed to my lawyer (in a password-ed flash drive) with a shut-closed envelope with the pass inside. This in case that anything happens to me.

UPDATE #3: An additional note I would like to leave is that after some posts here my mail got email-codes by blockchain (someone tried to connect to my wallet), and the 3rd mail i got is: "Two Factor Authentication has been disabled on your bitcoin wallet. You should now be able to login again." Well i tried to login after this, but always "incorect password" (==SO my account still exists, but someone.. changes pass?) Any explanation? I like how it became safer. Normaly i would post to let it go any further BUT what i got in my inbox from him, its like he wanted to let it "flow" more.

A very nice apology followed up with threats...

nope? you are a total retard.
most of you here are (sorry for random posts, just reading thread random)

dude, at least you could have given it back. Don't be an idiot and think you are some saint.

i think i speak with zombies

requoting for retards who cannot read threads

Maybe Nethead you should change your name to DICKHEAD.

It's really simple you fucked up he fucked up but your denying you fucked up so your a dickhead.

This isn't that hard is it ?

Ok mofo im a dickhead, but for what?
Also if you change yours to "videos4dick" or "dick4btc" first, i will try to change mine, promise.-

-----videos4btc reply ends here -----

Things that happened:

1. I tried to order from that DAMNED store, and i PAID (hmm i see the scam here somewhere eh???)

2. They obviously didnt want to mark as "gift" thats what i was asking for, and yes that was for tax purposes. Call me a scammer for that, let me tell you that bitcoin is indeed a scam coin, do you pay TAXES with your bitcois? ARE your bitcoins TAXED? How do you pay a tax with bitcoin? Oh, the 0.0005 fee, right.. (keep #2 as i will speak later more about it)

3. I asked for a refund that was actually given to me, plus a 4.5 btc the next day (the ultra-super-duper-retarded dude who worked on that got my payment address in his fucking site (if we believe that a customer paid to that address, but that wasnt even proven, one time he says "Bit*" paid, then says "oh noes, it wasnt him, it was another customer" SO WHOS MONEY WAS THAT REALLY? (mine at that point, and call me a dick)

4. He elevated my privacy to over 100.000 persons (73000 members only here as someone else mentions), and i am a fucking scam? His bussiness is a total scam.

As i have post earlier i wouldnt go on with this kind of posts here, and i would have given an end. BUT NO.

He still pm's me threats, so i will still hate on him as much as i can



---------------------------
#2*: I am a fucking CRIMINAL for asking him if he could mark it as gift? And afterwards accepting his answer, refunded (with a plus)?
You are a fucking ignorant with absolutely no knowledge on the word criminal. Or now you care about goverments taxations?? Come on we will pay with bitcoins..
Criminal related things: guns, drugs, murder, #4, burglar an many many more, also accepting what you call money (bitcoins), GPU-generated numbers that only use they have is FRAUD itself

ok for that last i maybe am.

I am a SCAMMER? In what way did i scam? By accepting funds? Or lie==scam? My mistakes where many but none of them is that i didnt have given back the 4 fucking btc
I am a THIEF? So did i hack into his systems, or broke into his house? Or into his bussiness? Thats the fucking nature of bitcoin, you send money, the other party accepts, if you done that by mistake, well go cry somewhere else, but without private info that someone trusted you to hadle.

The uber frustrating thing of all of them together is that after what he caused and got "his" money back, still came online to threat me of getting my info online again if i do not apologize.

For the fatfucks/nolifers that seek "legal" view on bitcoins, give me one government paper that states about them, they simply do not exist. Show me some legal info about those. SOME not much. I like the idea of free market and support bitcoin but some of you guys are total idiots, IRL I could involve goverments/police/legalshit, Roger could not, no matter how you see it. All the morals and other shit i read on hear are pure b/s.

The other fatfucks/nolifers that said the fuckin awesome "we do not need you in bitcoin community" OMG!! I better go cry, I have done nothing wrong and Im pretty sure that are 10000% worse persons than me, You just all found a person to tell your inner worlds problems.  And "WE" who we? all i saw was people arguing for unexistant morals (and i was one of them), "community", my ass... Im here 2-3 days, and all i see is hate, you all hate each other for what communitty we talk about?

12 year olds who say "ok now i know that i shouldnt do bussiness with nethead", yes indeed, put your coins in your butt, and if you need more i can send mine. WHO THE FUCK CARES WHO YOU SHOULD DO BUSSINESS WITH OR NOT?

Imagine the fucking thing happened to you, as anybody could have ordered from there. The only dishonest man is Roger, not me. As some posts pointed me to his past, all the money he has is (maybe) "fraudulent", and you cared about 4.5 btc, BUT NOT for 30 which i got scammed by bitexchange on another thread, MORALS YOU SAY? I SAY ROGER   (by "you" i mean members of this forum)

I do not care who he is, and why some respect him so much but what he did was wrong, and if you say the opposite, i know you know that deeply inside you. So i do not care what you say about "nethead".
After his fucking message that continues threats im fucking disgusted of this person, AND I REALLY, I MEAN REALLY, I am glad that all this happened and he showed who he is, even if that makes me an ashole x2.


more about BLOCKCHAIN.INFO

How the fuck do you dare to say something is FIXED, that it obviously not, well not completely. As i explain in previous post my account is still in exist (if it got banned i would understand that, but even that does not have a reason), BUT removed the two factor validator for me (yes the good guy piuk) and changed my password, AS i cannot login to the message of something like "invalid password" or "this wallet could not be decrypted, try again". (Dont have my word on it, becouse i may be wrong on this subject and would like a piuk-reply here, maybe something else happened to it... and would be interesting to hear about.)

Yea it is safe, go put your btc there, and hope you never get locked out of your account.

Subnote: Things that i have done: 1. Recieved bitcoins 2. Lied about them for the wierd guy he was 3. REFUNDED THEM 4. Ask him nicely to remove any post regarding me, and promise to remove any post about it. 5. Got the reply above (threat)

 

 enough for today
 

What blows my mind more than anything about all this vindictive drama is that it concerned such a petty amount. The same thing happened when bitinstant released all that info on Zhou Tong. I'm shocked that we didn't learn anything from that mistake.

I won't be boycotting any companies, but this has been a major disappointment to me. IMHO, it's also not wise to ask the admins to "please delete" the original thread. Some, though not I, would perceive that as a dishonest motion.

This whole situation has convinced me not to consider ever purchasing from bitcoinstore, and to discourage any others I know from purchasing from there either.

I’ve quietly watched quite a few major players here self destruct over the past couple of years. Bruce Wagner, Peter Lambert, Zhou Tong, Matthew Wright, Chaang Noi, Trendon Shavers, James McCarthy, Vladimir Marchenko were all accepted as champions of Bitcoin as some point in its short history. For all I’ve seen and for as long as I’ve been following this dog and pony show I felt nothing could shock me anymore. I was wrong. I would never have expected this kind of behavior from Roger Ver!

Roger isn’t just one of the normal zit-faced kids that come here screaming, “look at me – look at me – I’m running a business.” This guy has a brick-and-mortar store where “regular people” walk in and buy goods. What do you think would happen Roger if you released personal info on someone in San Jose that used a check to buy something at your Santa Clara store? Should I put this thread on Yelp so that California knows how you do business? Very sad my friend, very sad.

No, but it looks like you may be, otherwise you would see that my post was made 31 hours before this post of yours:


You expect me to see into the future and know what you are going to post in 31 hours?

WTF. You don't demand apologies, you let people decide for themselves if they wish to give them, and let everyone else judge the outcome. An apology from nethead would only have improved his standing in the community, not Roger's, and now that we know that one was publicly demanded, that option to possibly clear up his reputation was stolen from nethead.

I take that word back but he has got "his" monies back BEFORE this thread and you mislead others

wow, i think i'm going to go buy something from BitcoinStore after this.

Your sharedKey was contained within the information posted. This key gives someone the ability to authenticate themselves with blockchain.info as the owner of that wallet, including the ability to overwrite it.

The coins will be safe though. I have emailed you 6 recent backups of the wallet. They can either be imported into Multibit (http://multibit.org) or imported into a new wallet at https://blockchain.info/wallet/import-wallet. You are welcome to continue using blockchain.info if you desire.

Notice how his point still stands do you admit you done anything wrong?
Just ignore Nethead aka Dickhead he's a troll .

Yeah right, now im a troll... But you are another victim of Roger's marketing/advertising attempt.

Nethead, it's possible that you have people leaning toward your way of thinking, but as you continue the current route you're taking, those same people will start abandoning their new found position.

Case in point, I stand fully behind Roger, albeit possibly not as close as prior to this episode thanks to you. This is not meant as a diss toward you or Roger, but by choosing your words more carefully, you'll be able retain those in your camp. Likewise, by becoming silent, possibly retains the same amount of people. But continue the diatribe, you'll have a massive campfire, but not many around to enjoy it.

To be clear, I'm not trying to silence you. I'm merely saying to state your facts in a softer tone. Remember the adage: You get more with honey than with vinegar.

~Bruno K~

WHAT?

Could you explain this process how that happened?

I understood earlier from explanations from both Roger and blockchain.info representatives that the information available to admins from looking up the information based on an address does not give information that would allow the admin to authenticate to blockchain.info posing as the wallet owner. Now that has happened? The impossible thing?

Have the explanations from representatives of blockchain.info about the capabilities what could be done with the information available by this admin panel lookup have they been entirely truthful?

What information you have about WHO has authenticated into blockchain.info posing as as nethead?

What did blockchain.info do in order to protect the user whose information was widely known to be publicly available and so likely target of abuses?

I see this issue potentially as the one biggest concern over anything else in this whole saga, so please explain.

Really good to see that the companies related to Roger Ver are re-evaluating their privacy and security policies after he broke his privacy policy. Blockchain and Bitinstant in particular are such important and innovative businesses, it would be a shame to see them tainted by this mistake. I don't have time to read this entire thread, so I'm not sure if it has been mentioned before, but it would be nice if these companies had their privacy policies verified with trustE or a similar service.

Since the users password is never sent to the server a randomly generated key is used instead for server side authentication. With that key you have the ability to control some of the meta data associated with a wallet. As that key was posted publicly on the forums nethead should start a new wallet.

What about the other questions?

What information do you have about who abused blockchain.info to alter nethead wallet?

What about the 2-factor authentication issue nethead mentioned?

When did somebody at blockchain.info first realize that this particular problem with the key being published was a serious issue and what did blockchain.info do to protect the user from likely various attempts for abuses even if blockchain.info perhaps did not yet know what the actual vector used for the attack is going to be?

That's the information he was sent by Roger Ver. So let me get this straight - any admin, including Roger Ver when he still had admin access, has access to enough information to authenticate to the blockchain.info server as that user and lock them out of their account, bypassing any auditing that might be associated with using admin tools to do the same thing. At any time - including after you'd supposedly removed his admin access - Roger Ver could've locked this person out of their blockchain.info account in order to extort them for, say, money or an apology.

The ip address the wallet was last updated with.


With the sharedKey two factor authentication can be disabled.

Every version of a wallet is stored (every time it is updated). The users has been sent those backups, with instructions to import them into another client or a new blockchain wallet.

There isn't really any ability to lock a wallet, but yes with access to the sharedKey and some custom crafted http requests he could have achieved that affect. Nethead has an email associated with the account so he will have been automatically emailed backups. With backups the extortion would be easily circumvented by importing the wallet into Multibit or any other client. This is one of the reasons why it's always a good idea to keep your own backups.

How about stop pretending that your client sided security is nothing but a joke?
https://bitcointalk.org/index.php?topic=133032.0

Never try to build a secure system out of client JS, unless you're the guy who made cryptocat.

The information should not have been posted publicly, but:

- The user has not lost any money
- The wallets private keys are still safe
- The user has his own backups, we have backups of every version of the wallet.

A normal hosted wallet could have simply done.

I confirm i havent lost any bitcoins, and that after i posted i instantly got an email from piuk with the backups.
Although, i have removed any bitcoins i had in that wallet from when i first got my info from roger

Please do this, i want to test something: update wallets set balance = 1000000 where user = 'nethead'
OK, ok, j/k

blockchain.info could have simply done


and have it pass the verifier.

The verifier does not allow inline script tags, line 36:

https://github.com/blockchain/My-Wallet-Integrity-Checker/blob/master/chrome/mywallet.js

BUMP
because i do not want to let it go
(for more info read my latest posts in thread)

Shut the fuck up already. Enough with the multiple posts and thinking that anyone gives a flying fuck about your broke ass 4.5 BTC.

You misunderstood something, those werent mine, maybe bitcoinica made you broke?
The subject of this all have been changed already and if you didnt even read, please do or out.

Ok, correction. NO GIVES A FLYING FUCK ABOUT YOU.

Page 7 Internet drama

Has there been any response at all to the PM from Roger trying to blackmail an apology out of nethead?  Considering it was posted in a thread started to apologize for the piss poor handling of this whole thing from the start, it adds a nice extra layer of classy to the drama cake.

Will you be updating your Privacy Policy? Or have you decided that you want to reserve the right to share personal customer data and publicly shame those who you determine have misbehaved?

Your current Privacy Policy still states:


If this is not your new policy, you really should update it.  If it is still your policy, then you shouldn't be claiming otherwise here.

In their defense, a TOS update probably can't happen overnight during Xmas holidays for practical reasons.

Certainly, however it was December 19 when it was stated:


Then on December 21 it was stated:

And yet today January 2 (15 days after the initial incident) the TOS still states:

bump

Sketch is the first word that comes to mind when I read this thread. I don't get how people with 10-20 posts here have these huge businesses elsewhere, because it seems like almost everyone on the site. Interesting...in a good way