Signature checks out ok. It's been signed by the same private key as previous messages - and as the payment notifications. (still no proof it's not a hacker who stole the private key .. but we've got little option but to assume it's the original 'Tom Williams' I guess) |
|
|
|
But what is a signature using a private key that was shared with a compromised server worth anyway? |
|
|
|
it's an index page on the domain name mybitcoin.com ... that means whoever wrote that has full access to his server... It's him.
uhm, how does that follow? server might be owned. In that case - we can't even trust that any messages signed with his private key are from him any more. Tom seemed to use the same key to sign his personal correspondence as that which was used for mybitcoin's automatic payment notifications. This suggests the corresponding private key was stored on the server and the mybitcoin software had access to the passphrase. Of course if an imposter 'Tom Williams 2' was posting.. one would hope that 'Tom Williams 1' would pipe up somehow and warn us that the key was compromised. (but if he completely lost access to his private key - he'd probably know he'd be assumed to just be a troll.... so maybe we'd hear nothing) That's the double edged sword of anonymity. In some cases Mr anonymous 1's digital world can be usurped by Mr anonymous 2 with no recourse. Anonymous identities vulnerable to identity theft.. how about that. That he shared his key with an automated system, and didn't properly participate in a web of trust is an indication that really.. his signing of messages was little more than a marketing ploy to make us think he took security seriously. |
|
|
|
|
Well inbound transfers via Technocash have certainly been working ok. (about 3 days to transfer in to mtgox)
|
|
|
|
|
Looks like just a broken URL.
Try typing the last part of it by hand (get rid of the %5's in there)
|
|
|
|
Nice one. That was a fun read  |
|
|
|
Are you tired of hopping around this forum like a kangaroo on crack?
I don't know.. But something's stuck in my cloaca and it's sure to be something I've picked up in one of these threads. I'll wait for the dingos to tear you up a bit before considering which side of the barbed wire to hop to. That's a meth 'meh' by the way. |
|
|
|
$10,000 Bet that Bitcoins will outperform Gold, Silver by 100X over the next two years
How precisely has this been specified? Does this mean that so long as he finds some point within the next 2 years where this holds true - he's won.. or does the bet only look at the performance 'over' the entire 2 year span and so have to be evaluated exactly on the final day 2 years from now? |
|
|
|
what would be really cool is if tom williams used bitcoinlaundry to laundry the money and they stole it.
It would be cooler if Tom Williams was just out hiking in the wilderness and came back and fixed his site. I've got nothing in mybitcoin - but I don't like to see the pain it's caused. |
|
|
|
Who exactly is Tobias Lloyd, and could he be Tom Williams?
He could be Tom Williams as much as you or I could be. Well, even more so since he would have a reason to certify his own key. True. But anyone could have done so and it wasn't at all necessary for Tom Williams to have that additional certification in order to sign his messages. The fact that there is so much readily available information on Tobias Lloyd is in complete contrast with all the steps we can see 'Tom Williams' has taken to hide his identity. It was always a long shot that Tobias might be someone who knew him. Judging by Tom's use of i2p and the efforts to hide the whois information - he's not going to be found so easily. |
|
|
|
Yes.
I was hoping to help out with whatever they needed done. I hate seeing people scammed.
Make sure you check out some of the other threads regarding mybitcoin and tom williams. I believe people have already tried contacting the web host. I've done some following up on the certificates 'Tom' used to sign emails - dead end so far. I still have an open query with CACert regarding the certificate used for www.mybitcoin.com itself - but I expect that is an 'unverified' certificate and will reveal nothing. |
|
|
|
Who exactly is Tobias Lloyd, and could he be Tom Williams?
He could be Tom Williams as much as you or I could be. |
|
|
|
Tobias was very helpful but doesn't have any further information regarding Tom Williams. I believe the only certificate for mybitcoin.com I would have verified would have been the PGP cert that was used to sign all of the emails.
With PGP (or GPG in the OpenSource community) there is no need to meet each other face to face to exchange certificates. All encryption and signing is done through a public and private key pair. So, mybitcoin.com would sign all of their correspondence with their private key. Then through use of their public key, I can validate that it was actually them who signed it.
Now, in regards to my validation of the mybitcoin.com public key. When I received a message from mybitcoin.com that was signed AND I confirmed that the data contained within was correct (I.E. the transaction listed matched one I had just placed) I knew the message was authentic, so I would have signed their public key indicating that I trusted this key as an authentic key. So anything signed with that particular key, I knew I could trust. All of the verification was done from right here at my desk, so I'm sorry to say, I did not have to meet anyone in person in order to verify the key. I probably gave the key too high of a signing rating though. Usually when I'm signing keys I go all or nothing. So sorry if I mis-led you.
I know this doesn't help you in your search, but I wish the best of luck to you!
Tobias
|
|
|
|
Well people are trying to gather information. e.g see this thread 'How to find "Tom Williams"' https://bitcointalk.org/index.php?topic=34225.0I've emailed a cacert.org mailing list - as well as their support to see if the https certificate used by www.mybitcoin.com leads to any further info. (mailing list referred me to support. I'm awaiting a response.) Having used cacert in the past, they went off the domain registration info, so doubt you can get anything that the whois did not also give. I was worried that might be the case. The only other certificate based lead is that Tobias Lloyd signed the key that Tom Williams used for correspondence and for the mybitcoin.com automated emails. Hopefully he'll respond to emails and let us know if he actually verified any contact details. EDIT: I've had a response from Tobias Lloyd. He only acted to sign a public key verifying that it was from mybitcoin.com. He has no further info regarding who Tom Williams is. |
|
|
|
|
I've not lost any yet.
Donated some small amounts to things that tickled me... gave some to family.
|
|
|
|
As far as I know.. you shouldn't certify unless you've met and properly verified the person.. so maybe Tobias has some information?
Yes he might, do you have his mail address? Maybe send him a polite mail... I have just done so. |
|
|
|
Fake PGP key was known already or did I just read your post wrong?
Not the way I read it That post seems legit. I also did a gpg verify on a mybitcoin deposit email someone posted online and got a similar result The signature isn't 'trusted' in that it's not verified by a certifying agency - but I think we can know that it's the same person who had control of the mybitcoin response email system. I found the same public key in some python software which interfaced with mybitcoin. Interestingly.. that key does seem to have been certified on 2011-04-02 and 2011-04-12 by one Tobias LLoyd and there are a couple of email addresses for him. As far as I know.. you shouldn't certify unless you've met and properly verified the person.. so maybe Tobias has some information? |
|
|
|
The only cavaat is that I am not sure I can agree to the charity aspect of the payout.
What? I understood it to mean that if you *lose* you get to decide which charity the money goes to. If you win. You can keep the 10K yourself. Memorydealers is putting the money to charity if they win. You don't have to. No at longbets the charity has to be pre-selected by each party. If they win the money goes to that charity. Ah ok. Well I'm cool with that. It just means a smaller pool of people will be interested in the wager. |
|
|
|
|
Show Posts
