 Show Posts
|
|
Pages: « 1 [2] 3 »
|
|
I got my deposit refunded back long ago thanks to Anon.
|
|
|
|
If you can prove easily that account is yours , in less than 1-2 days theymos will recover the account ( like the Akka situation).
Unfortunately this hasn't been the case for IronMarvel. Nor for me. I mean Theymos can easily check the IP used to log into both accounts, couple that with valid btc signatures, I mean what most straight-forward supporting evidence do you even need? |
|
|
|
|
Good luck getting a response from Theymos. I'm in a similar boat and have been PM'ing him with two signed btc address associated with my original account for several months now; no response.
This is what happens when there's no email confirmation when changing critical account details and only the forum admin can do account recovery.
|
|
|
|
|
made about 0.7btc from pandacoin
|
|
|
|
|
Andreas Antopoulos
Second vote goes to James D'angelo
|
|
|
|
|
Well at least they have code in the repo to show for it, unlike exo which only provides binaries.
|
|
|
|
|
Is there any documentation on the communication protocol used between NCC and NIS?
|
|
|
|
|
It's about freaking time they started taking btc donations.
|
|
|
|
|
I wonder how they got your email to start with.
|
|
|
|
|
So do I need to do anything else atm after registering my token?
|
|
|
|
|
Is the source to build this even released yet?
|
|
|
|
Did an escrow for me on the Exo first stage investment. This transaction is particular noteworthy because my original "greatwolf" was compromised. I was worried I wouldn't be able to recover my funds but Anon136 provided a way for me to show, with a reasonable amount of certainty, that I am in fact the original investor of the IPO. He's been very responsive through the investigative process and I am thankful to have him as my escrow. Do note that the extra detective work cost extra since it wasn't part of the original terms of the escrow. As such, I recommend that when doing an escrow with anon136, or anyone else for that matter, to have the transaction and escrow tied to something other than your BCT account, so it's easier to prove your online identity. See this thread for why using BCT as the primary reference point is a bad idea. |
|
|
|
First it would make it extremely easy to scam account buyers who do not think to ask for a signed message and would make any buyer vulnerable to having their account taken back in the event they lose such signed message. It overwhelmingly appears that the OP is almost certainly trying to scam the person that he sold his account to. The OP proved his account ownership by signing a message contained in an other person's post (but not his own) so anyone buying his account would likely not be able to easily find such address to request such signed message.
You're chalking up account buyers as morons that don't know what they're doing. If someone's buying a BCT account, they're likely not a newbie to the community. Even if they did not think to ask for such proof, that can easily be solved with a public service announcement. If the buyer still chooses to go forward with the account purchase without some kind of signed message as a receipt, then it is their risk to take. You need to remember that the person who is in control of the account at one point somehow controlled the password so the burden should be on the person claiming ownership not on the person who controls the account presently. And what kind of proof would the OP have to present to satisfy that burden? What would it look like? What form would it take? ... if the administrators were to be as liberal with account recoveries as you are suggesting then theymos would be overwhelmed with requests for account recoveries and this would take his time away for more important work.
Of course, that is just your hypothesis. My guess is that with a more clearly well-defined recovery procedure it would allow theymos to restore more accounts back to their legitimate owners. Of course there's no way to know for sure without trying. And why favor account buyers at all? Theymos himself said he doesn't condone the activity anyway so worrying about account buyers getting scammed is a moot point. Couple this with email confirmation on changes to vital account detail, like you read from my other post, that will cull out the majority of the account request to start with. |
|
|
|
One thing for sure.. a couple people have been dead on the mark and their perspective lets me know that im not going crazy and that i am getting through to not only the mods but everyone reading this thread too!
I was re-reading this thread and it seems $username has been calling it how he sees it the whole time! He has been money and i will use him and another member as an example to show that im not coming out of left field when i say there is a huge flaw in the forum and i have been taken advantage of because of it.
There is no 2factor, no email verification when a users email is changed .. nothing. That in combination with the allowing of accounts to be bought and sold (WITHOUT A SIGNED MSG FROM PREVIOUS OWNER) i believe creates and environment perfect for the manipulation of the flaw.
Just posting here to let you know I'm in a similar boat so this is no means an isolated case. My account got hacked which could have been prevented had email confirmation been enabled on this forum to begin with. The only difference is no one has stepped up to dispute my claim to my account yet. Unfortunately, I haven't received so much as a peep from theymos and I've been sending him weekly PM's since Sept. in the required signed format outlined. Frankly, I don't understand how a forum so lax in security can be used to conduct any serious business or money related matters -- this is just ludicrous. Your forum password is the only line of defense and should that be compromised -- whether your fault or not -- then it's basically game over. There's no other recourse then to keep PM'ing forum admin until they respond. If it were up to me, this is clearly an open-and-shut case: you provided a signed message proving ownship of said account -- the current person in control of your account cannot provide a signed message proving he bought the account legitimately. Ergo, account access should be restored back to you. |
|
|
|
I completely agree with this feature request 100%. My original account which got compromised, could have been prevented if something as simple as email confirmation was in place. In fact, I made this exact suggestion on my hacked account thread. As of this time, I still haven't received any reply to my recovery PM from theymos (and yes I followed the recovery procedures outline here). I don't understand how a cryptocurrency forum that deals with money can be so lax in its security department. All the hacker has to do is guess the right PW or answer security question correctly and it's game over. |
|
|
|
For your information, theymos replied on reddit a few days ago regarding another more complicated recovery request (link: http://www.reddit.com/r/Bitcoin/comments/2hne0g/useraccounts_bitcointalkorg_not_like_other/ckugt4c), but there is something in common for all recovery requests. Account recoveries are my lowest priority because they involve a ton of investigation, and you shouldn't lose your account in the first place. If my investigation is not thorough, I could end up accidentally "recovering" an account by giving it to a thief. But I don't often have hours of spare time to devote to such things, so I end up doing only a few account recoveries per month, and many requests get ignored. (I choose recent requests that look straightforward. For any forum business, if I ignored your past requests, resend it every couple of weeks and make it more clear/straightforward.)
Two responses to the above, firstly I think my case falls on the straightforward case since no one has stepped up to dispute my claim to my account. But then again, what does he even consider straightforward exactly? That sounds completely subjective and whatever mood he happens to be feeling. Why not delegate some of that task to other mods? They're trustworthy enough to do it and perfectly capable. Secondly, why doesn't theymos secure BCT accounts better and make them harder to hack? Then there would be less account recovery request because less accounts are being hacked. Low-hanging fruits that come to mind: - Email confirmation on account creation
- Email confirmation when changing vital account settings
- 2FA
These aren't new ideas. See this thread for example. |
|
|
|
And I imagine setting up 2F is significantly more work than implementing a simple password reset log. Shouldn't be too long for the new forum now anyway.
You mean the new forum that's supposedly in the works since jan 2013? Frankly, I don't understand why there's a need to design a completely new forum software from scratch when there are many off-the-shelve open-source choices available. It would save so much time going with one of them that closely fits the requirements and just customize and mod it to fit our purposes. PS. I'm still waiting for a reply to my PM on my hacked account btw. |
|
|
|
|
My original BCT account got compromised, what's the step for redeeming my NEM stake? I can sign with the original btc key used to buy in the stake.
|
|
|
|
|
