|
Title: Give us a place to post our bitcoin address Post by: Vod on June 08, 2014, 06:40:31 AM Theymos has said the only way to recover a hacked account is to sign a message with a bitcoin address you posted somewhere with your account.
If my account was hacked today, I would have no way to recover it - I can't remember where I posted my bitcoin address out of my thousands of posts. It's in my signature, but Theymos has said there is no easy way to track signature edits. I propose a special forum (much like the reputation forum) where users could post a bitcoin address for future verification. This forum should not allow edits, to prevent a hacker from modifying your post. Thoughts? Title: Re: Give us a place to post our bitcoin address Post by: hilariousandco on June 08, 2014, 07:00:50 AM I'm 50/50 on the idea. I thought about having a thread like this but people would probably spam it or take advantage of it in some way. Could a feature not be implemented on our profiles to log all the addressees we have used there?
Title: Re: Give us a place to post our bitcoin address Post by: mitzie on June 08, 2014, 07:32:23 AM Theymos can see edits in your bitcoin address field in your profile. So having an address set there, you are good. Also if you have mentioned your address in a reply somewhere, admins & globals could say if the comment was edited, and therefore see if your address was changed, (and as a result see your old address, and ask you to sign a message).
But I am only 95% sure that theymos can see edits in you bitcoin address field in your profile Title: Re: Give us a place to post our bitcoin address Post by: Yuki1988 on June 08, 2014, 07:43:55 AM But I am only 95% sure that theymos can see edits in you bitcoin address field in your profile If my understanding is right, theymos can see it, but it is inconvenience (and so he prefers not to do it that way)... https://bitcointalk.org/index.php?topic=642008.0 Add it to your signature and the bitcoin address section. Even if the hacker changes it, theymos can check. I can't conveniently check signature edits.What about the addresses in our profile? Will they suffice and can you see the recent edits or history of them? No.Title: Re: Give us a place to post our bitcoin address Post by: hilariousandco on June 08, 2014, 07:45:02 AM Theymos can see edits in your bitcoin address field in your profile. So having an address set there, you are good. Also if you have mentioned your address in a reply somewhere, admins & globals could say if the comment was edited, and therefore see if your address was changed, (and as a result see your old address, and ask you to sign a message). But I am only 95% sure that theymos can see edits in you bitcoin address field in your profile I'm not so sure about that: What about the addresses in our profile? Will they suffice and can you see the recent edits or history of them? No. Title: Re: Give us a place to post our bitcoin address Post by: mitzie on June 08, 2014, 07:52:20 AM Thanks hilariousandco ;) . I thought that I had read it somewhere in the past.
Title: Re: Give us a place to post our bitcoin address Post by: theymos on June 08, 2014, 08:00:50 AM If my understanding is right, theymos can see it, but it is inconvenience (and so he prefers not to do it that way)... https://bitcointalk.org/index.php?topic=642008.0 To elaborate on this, I can access old profile information only by looking at the weekly forum database backups, but the backups are so large that it takes at least an hour to unpack them and get the data into a usable form. So I try very hard to avoid doing this. It wouldn't be too difficult to add edit history to certain profile fiends, but I feel like this would rarely be useful... Title: Re: Give us a place to post our bitcoin address Post by: dserrano5 on June 08, 2014, 08:21:04 AM I've recently created a thread (https://bitcointalk.org/index.php?topic=640048.0) in the spanish section with this purpose but an international thread would obviously be better. The downside is that the hacker would know exactly where he should do his edits. Yeah edits are logged but it's more work for the admin. We clearly need something else.
Title: Re: Give us a place to post our bitcoin address Post by: eid on June 08, 2014, 08:22:04 AM Theymos could make an account called "Member BTC addresses" (or w/e) and we could all pm that account. Would that work?
eidt: I don't know if there's a limit on messages in the inbox ??? Title: Re: Give us a place to post our bitcoin address Post by: Yuki1988 on June 08, 2014, 08:33:31 AM Theymos could make an account called "Member BTC addresses" (or w/e) and we could all pm that account. Would that work? As explained by theymos (in the following quote), you can send a PM to DefaultTrust (https://bitcointalk.org/index.php?action=profile;u=122551) for this. It's best to include it naturally in a post. But if you can't, you can send a PM to an account that won't delete it (you could use DefaultTrust for this). After you send it, check your outbox and make a note of the PM's ID (visible in the quote URL). Title: Re: Give us a place to post our bitcoin address Post by: eid on June 08, 2014, 08:42:54 AM Theymos could make an account called "Member BTC addresses" (or w/e) and we could all pm that account. Would that work? As explained by theymos (in the following quote), you can send a PM to DefaultTrust (https://bitcointalk.org/index.php?action=profile;u=122551) for this. It's best to include it naturally in a post. But if you can't, you can send a PM to an account that won't delete it (you could use DefaultTrust for this). After you send it, check your outbox and make a note of the PM's ID (visible in the quote URL). Ah...thanks for the link :) Title: Re: Give us a place to post our bitcoin address Post by: jambola2 on June 08, 2014, 10:42:29 AM I hack John's account.
I post my BTC address on this new thread. I change my password. John realises this and recovers his account via email. I now have possession of a Bitcoin address linked to his account , so I change the mail to one I own and gain complete control over his account. Is there any way Theymos could foresee this and stop this from happening ? Title: Re: Give us a place to post our bitcoin address Post by: phantastisch on June 08, 2014, 10:52:36 AM I hack John's account. I post my BTC address on this new thread. I change my password. John realises this and recovers his account via email. I now have possession of a Bitcoin address linked to his account , so I change the mail to one I own and gain complete control over his account. Is there any way Theymos could foresee this and stop this from happening ? Not if John has control over at least one Address posted in the past. Then it's easy to prove that you changed it in the timeframe. Title: Re: Give us a place to post our bitcoin address Post by: jbrnt on June 08, 2014, 10:58:06 AM Sometimes when you post an address and some other members quoted it, like in a giveaway or a sig campaign. The address is not editable by the hacker. Can't you just take note of that thread and provide that as a proof of ownership?
Title: Re: Give us a place to post our bitcoin address Post by: Light on June 08, 2014, 11:56:26 AM Theymos has said the only way to recover a hacked account is to sign a message with a bitcoin address you posted somewhere with your account. If my account was hacked today, I would have no way to recover it - I can't remember where I posted my bitcoin address out of my thousands of posts. It's in my signature, but Theymos has said there is no easy way to track signature edits. Possible temporary measure (and easy to do) would just be a single thread in the Auction section (which as far as I know has posts that cannot be changed) where one could just post their address. Although we might need to some way to search through the thread for a specific user so that it's easier to see which address you need to sign a message from. Title: Re: Give us a place to post our bitcoin address Post by: shorena on June 08, 2014, 05:08:03 PM I wonder why this is so hard...
It's best to include it naturally in a post. But if you can't, you can send a PM to an account that won't delete it (you could use DefaultTrust for this). After you send it, check your outbox and make a note of the PM's ID (visible in the quote URL). -snip- Just send a PM to DefaultTrust now, write down the PM id and the address in a safe place and you are fine. Title: Re: Give us a place to post our bitcoin address Post by: Vod on June 10, 2014, 10:54:12 PM Just send a PM to DefaultTrust now, write down the PM id and the address in a safe place and you are fine. I did that, but a PM is not sufficient is prove who I am to others. Take a look at this post: https://bitcointalk.org/index.php?topic=647459.msg7240996#msg7240996 If the OP was able to post their bitcoin address in an uneditable area of the forum, they would be able to prove the account is not hacked. Title: Re: Give us a place to post our bitcoin address Post by: jeffersonairplane on June 10, 2014, 11:40:54 PM This is great. However, wouldn't the hacker just change the BTC address listed on the account? Therefore Theymos wouldn't be able to track that I don't believe. Please correct me if I'm wrong because I love the idea.
Title: Re: Give us a place to post our bitcoin address Post by: Vod on June 11, 2014, 12:20:27 AM This is great. However, wouldn't the hacker just change the BTC address listed on the account? Therefore Theymos wouldn't be able to track that I don't believe. Please correct me if I'm wrong because I love the idea. No, because the original owner would have posted his bitcoin address in a forum that does not allow edits, like the Auctions forum. Title: Re: Give us a place to post our bitcoin address Post by: crunck on June 11, 2014, 05:17:37 AM I think this would be a good idea. Though you can just post/send your BTC anywhere and just remeber it (edits can be viewed by admin/moderators so it shouldn't be a prolem as well.
Title: Re: Give us a place to post our bitcoin address Post by: bitbaby on June 11, 2014, 05:24:47 AM I wonder why this is so hard... It's best to include it naturally in a post. But if you can't, you can send a PM to an account that won't delete it (you could use DefaultTrust for this). After you send it, check your outbox and make a note of the PM's ID (visible in the quote URL). -snip- Just send a PM to DefaultTrust now, write down the PM id and the address in a safe place and you are fine. I am gonna do this just now to be on the safer side. Do I just need to sent my address or can I include my gmail which has 2fa enabled? Edit: I sent him a pm with my address, how do I save the PM Id? Title: Re: Give us a place to post our bitcoin address Post by: Confessions on June 11, 2014, 05:30:07 AM Temp solution:
https://bitcointalk.org/index.php?topic=647847.new#new Title: Re: Give us a place to post our bitcoin address Post by: shorena on June 11, 2014, 07:24:44 AM Just send a PM to DefaultTrust now, write down the PM id and the address in a safe place and you are fine. I did that, but a PM is not sufficient is prove who I am to others. -snip- Thats true, but the point here is to prove to theymos who you are. Not as an identifier, but as in: "I am the person that had control over this account on 11.06.2014". If its enough for theymos to change the mail address, its enough for me because I know I can regain control over this account in the future. Signatures in general can not prove who you are unless you exchanged the public keys in person. I dont know if there is a web of trust for BTC signed messages, but even with PGP most ppl dont even bother anymore. -snip- I am gonna do this just now to be on the safer side. Do I just need to sent my address or can I include my gmail which has 2fa enabled? Edit: I sent him a pm with my address, how do I save the PM Id? I personally have it in a encrypted textfile that is safed on 3 seperate machines, among other information. In case I got the question wrong and you are asking "where do I find the ID": https://bitcointalk.org/index.php?action=pm -> outbox -> klick msg subject -> check address bar bitcointalk.org/index.php?action=pm;f=outbox#msg1234567890 the red number is the id. Title: Re: Give us a place to post our bitcoin address Post by: bitbaby on June 11, 2014, 07:30:56 AM Just send a PM to DefaultTrust now, write down the PM id and the address in a safe place and you are fine. I did that, but a PM is not sufficient is prove who I am to others. -snip- Thats true, but the point here is to prove to theymos who you are. Not as an identifier, but as in: "I am the person that had control over this account on 11.06.2014". If its enough for theymos to change the mail address, its enough for me because I know I can regain control over this account in the future. Signatures in general can not prove who you are unless you exchanged the public keys in person. I dont know if there is a web of trust for BTC signed messages, but even with PGP most ppl dont even bother anymore. -snip- I am gonna do this just now to be on the safer side. Do I just need to sent my address or can I include my gmail which has 2fa enabled? Edit: I sent him a pm with my address, how do I save the PM Id? I personally have it in a encrypted textfile that is safed on 3 seperate machines, among other information. In case I got the question wrong and you are asking "where do I find the ID": https://bitcointalk.org/index.php?action=pm -> outbox -> klick msg subject -> check address bar bitcointalk.org/index.php?action=pm;f=outbox#msg1234567890 the red number is the id. Thanks I saved the sent pm's information and addy. |