I think most of us already deduced as much. Securities must have some sort of centralized issuance and redemption -- otherwise they can't attest to right of ownership in anything. I'd rather they opine on some ICO tokens or more centralized cryptocurrencies. This doesn't tell us anything new. This is a weighted decision which I can respect. Bitcoin isn't 100% secure indeed, so there's no need to lie to people
That's not what they mean by security. They're referring to this definition: a certificate attesting credit, the ownership of stocks or bonds, or the right to ownership connected with tradable derivatives Bitcoin is still the most secure payment system in the world. Nothing new there, either.  |
|
|
|
Hi Folks,
So, we all know that hardware wallets are the safest way to store your crypto-currencies. Says who? They're less safe with regard to physical access, compared to general-use PCs or storage media. And those Trezor and Ledger logos announce what they are outright to a potential adversary. Beyond that, there were some recent disclosures about vulnerabilities in Ledger's security model. Supposedly, the potential attacks include supply-chain and remote (non-physical) attacks. I was just thinking how it actually works in terms of storing my private key. when I send a transaction using my trezor, it communicates with the trezor web-interface which means it has to share my private key with it over the internet? or how does it actually work? The hardware wallet model attempts to simulate offline storage. They are designed to shield your private keys from online connections. Private keys are never sent to the online device. But keep in mind, any security model can potentially be broken. I would avoid putting all funds on any one medium, let alone a hardware wallet. |
|
|
|
The list of Specially Designated Nationals (SDNs) includes individuals and entities associated with sanctioned governments, terrorism, trafficking in weapons of mass destruction, and illegal drug trafficking. This list includes varying types of records, including in some cases only names, but in other cases names, addresses, aliases, etc.
This was obviously triggered by Venezuela's Petro offering. Ostensibly, they're only interested in very serious things -- sanctioned governments, terrorism and drug trafficking. I wouldn't think too much of it. As exchanges would see, the early successes of blacklisting Bitcoin addresses may also lose their effectiveness soon once we have, for example, cross-platform atomic swaps. Throw in a whole slew of mixers, cross-blockchain swaps, and say, even simple OTC exchanges with unsuspecting new buyers of crypto to privacy coins, and it might become less difficult for hackers and blacklisted address owners to clean their ill-gotten gains.
Goodluck to OFAC keeping up with the dark Joneses.
It reeks of an agency that wants to looks like it's doing something. That's what government agencies do -- they need to justify their existence, after all. Obviously with simple address blacklisting, they can't possibly keep tabs on all fund transmission (especially across multiple networks). |
|
|
|
Researchers say that lightning network would drastically reduce the transaction fees, and prop up the value of bitcoin very much. I'm partial to Metcalfe's law, which states: the effect of a telecommunications network is proportional to the square of the number of connected users of the system (n2). This makes sense if you consider the limited supply. Why would reducing transaction fees "prop up the value?" It might stimulate more economic activity (spending), but that doesn't necessarily increase demand to buy bitcoins. The other thing is, we don't know how long it will take to see widespread LN adoption. The security model is so different (private keys must be online, enforcement is based on untested incentives) and future topology and general reliability of bi-directional channels (affecting on-chain settlement) is still unknown. We don't know how much it will relax on-chain transactions or how long it will take to see results. I'm hopeful, but not blindly optimistic. But I am finding difficult to understand lightning network.
I'd start here. |
|
|
|
The Nikkei Review is usually quite accurate. But interestingly, bitARG specifically refuted this report. The exchange apparently has not agreed to any deal yet. While competition amongst exchanges is good, there seem to be a lot of companies who have no connection to cryptocurrencies or to trading trying to set up crypto exchanges.
I wouldn't say that. We're talking about large conglomerates and holding companies. Yahoo Japan already owns a forex transaction platform -- that's where the investment is coming from. They want a piece of the cryptocurrency market now that it's being legitimized and want to leverage the already existing FSA license. Makes sense to me. |
|
|
|
I live in Australia and the highest limit of the Bitcoin ATMs near me have a limit of $10,000 per day. Source: FindBitcoinATMMy friend has called the operator a couple of times though and let him purchase extra - had to organise to meet him there. Same here. In the US, most ATMs are from one of these two providers: Coin Cloud: - $1-$2,000 (lifetime limit) with any valid phone number
- $2,999 per transaction up to $10,000 daily with ID scan
Genesis: - $0-900 with SMS verification
- $901-$3,500 with ID scan
- $3,501-$7,000 with ID scan, DOB, last 4 digits SSN
I think Coin Cloud will do higher limits on a case-by-case basis. Not sure what kind of verification is required, though. I also live in Europe, but our limits are on zero, because we don't have any ATM. One was for a test in Munich for a short time, but I only found out, as it was gone.
There seems to be an ATM in Vienna, that should provide two-way-exchanging. Sell and buy of Bitcoin. Did you use it already?
Indeed, there are no Bitcoin ATMs in Germany. I wonder why? Must be regulatory crap. Apparently there are 54 Bitcoin ATMs in/around Vienna: https://coinatmradar.com/city/178/bitcoin-atm-vienna/ |
|
|
|
So what ways of keeping bitcoins safe do you recommend then? Many people consider hardware wallets as something that is not possible to breach because they were told so. Yes, and that was irresponsible marketing. Most security-minded people know better than to blindly trust software/hardware just because it hasn't been broken yet. I believe exploits will continue to emerge when it comes to hardware wallets. Accordingly, users should tread with caution. As for what I recommend -- traditional cold storage for most coins: I still treat hardware wallets as experimental -- perhaps safer than a typical hot wallet setup, but nowhere near the safety of actual cold storage. Keeping all private keys on one or two devices that plug into online computers just feels way too risky to me. I use tried-and-true cold storage methods (paper wallets, encrypted offline .dat) for 80-90% of my coins. I know that compromising those keys from me would take an extremely targeted attack on me -- the likelihood of that is low. Whereas, I believe that hardware wallets are generally a very big target for hackers, and methods for remote exploits are now emerging.
The biggest takeaway from this report, I think, is don't put all your eggs in one basket.
The only alternative I can think of would be paper wallets but, these are not suitable for spending on a regular basis.
How about an air-gapped PC? Or an encrypted wallet on thumb drive? One of the points here is that nobody should be storing all (or most) of their coins in the same wallet they regularly spend from. I still think hardware wallets are fine for day-to-day spending. But I would treat them like a hot wallet and be on the lookout for social engineering tactics. |
|
|
|
Still, this just means that everyone should be using every kind of protection at their disposal, as you never know who may end up with your data.
The problem is, which forms of protection are safe and reliable? The US government runs loads of TOR exit nodes. It's widely suspected that some VPNs are just honeypots. For example: The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents. It's pretty scary when you think about it. Even if a VPN proves it has no logs in court, that doesn't mean the NSA isn't packet sniffing behind the scenes. And how do you protect against this: As of 2013, the NSA’s bitcoin tracking was achieved through program code-named OAKSTAR, a collection of covert corporate partnerships enabling the agency to monitor communications, including by harvesting internet data as it traveled along fiber optic cables that undergrid the internet. |
|
|
|
G20 closing statement on cryptocurrencies: we acknowledge it - but it needs regulations. We will keep monitoring it.
Is Bitcoin an existential threat to nation-states, or an economic advantage to be waged over others? Can it be both? Remember, the G20 governments (and all governments) are competing against one another. How simple can this collaboration be? They're not ready for any kind of sweeping regulations -- if they ever will be. Each government is struggling to decide its own internal goals and policies, and still has to figure how relevant they believe cryptocurrencies will be. It's 50-50 on this one or neutral if you like. They are waiting for more growth or downfall hehe The bearish market bought them some time. At $100k per BTC, there's no way they can avoid it. |
|
|
|
the "supply chain" attack he outlines is pretty worrisome. better steer clear of 3rd party resellers on ebay, amazon, etc!
The major part of the people going for a hardware wallet, don't even know anything about the product they are buying aside from their assumption that it is the safest possible way of storing coins. If they see a discount somewhere on whatever vague site, they will likely fall for it and lose their funds as result. It's such a weird tendency, isn't it? People rush to invest in cryptocurrency because they think it'll make them rich. Then they cheap out with scammy vendors for what, a $50 discount?! My first hardware wallet was a Trezor that I bought from the original source, and even then it took me like 2 weeks before I actually used it. I was too paranoid initially, and just decided to 'only' store 1 BTC for testing purposes, just to see what happens. I waited probably a whole month before gaining enough confidence to use it as cold wallet storage for 50% of my holdings. After that I bought a Nano Ledger to store the other 50% of my holdings. I still don't trust both hardware completely, and maybe never will, and maybe that's a good thing -- being too easy of believe in something to function flawlessly is never a good thing in the tech world.
I still treat hardware wallets as experimental -- perhaps safer than a typical hot wallet setup, but nowhere near the safety of actual cold storage. Keeping all private keys on one or two devices that plug into online computers just feels way too risky to me. I use tried-and-true cold storage methods (paper wallets, encrypted offline .dat) for 80-90% of my coins. I know that compromising those keys from me would take an extremely targeted attack on me -- the likelihood of that is low. Whereas, I believe that hardware wallets are generally a very big target for hackers, and methods for remote exploits are now emerging. The biggest takeaway from this report, I think, is don't put all your eggs in one basket. |
|
|
|
A security researcher just released a report detailing a set of attacks that exploit a vulnerability in Ledger hardware wallets. He details multiple modes of attack -- including remote attacks, or ones that require physical access either before or after setup of the recovery seed. For example, supply chain attacks, where a dishonest vendor can modify the device before you physically receive it. Personally, I've been skeptical of some of the bold assurances made by Ledger regarding key security. The author notes: I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers. Physical access before setup of the seed
Also known as a “supply chain attack”, this is the focus of this article. It does not require malware on the target computer, nor does it require the user to confirm any transactions. Despite claims otherwise, I have demonstrated this attack on a real Ledger Nano S. Furthermore, I sent the source code to Ledger a few months ago, so they could reproduce it.
As you can tell from the video above, it is trivial to perform a supply chain attack that modifies the generated recovery seed. Since all private keys are derived from the recovery seed, the attacker could steal any funds loaded onto the device. Physical access after setup
This is commonly known as an “Evil Maid attack”. This attack would allow you to extract the PIN, recovery seed and any BIP-39 passphrases used, provided the device is used at least once after you attack it.
As before, this does not require malware on the computer, nor does it require the user to confirm any transactions. It simply requires an attacker to install a custom MCU firmware that can exfiltrate the private keys without the user’s knowledge, next time they use it. Malware (with a hint of social engineering)
This attack would require the user to update the MCU firmware on an infected computer. This could be achieved by displaying an error message that asks the user to reconnect the device with the left button held down (to enter the MCU bootloader). Then the malware can update the MCU with malicious code, allowing the malware to take control of the trusted display and confirmation buttons on the device.
This attack becomes incredibly lucrative if used when a legitimate firmware update is released, as was the case two weeks ago.
He proceeds in some detail and outlines very simple versions of the attacks. I highly recommend reading the full article. But here are some more background tidbits: While the software on the SE can be attested to, the MCU is a non-secure chip and (as we show below) its firmware can be replaced by an attacker.
And herein lies the problem: to achieve Ledger’s security guarantees, the chain of trust must be anchored in the SE. This means that the SE needs to verify the firmware on the MCU. While I will focus on software tampering in this article, it’s important to note that, in the absence of a software vulnerability, you could still compromise the device by tampering with hardware.
It is incredibly important to note that, for these devices to be secure at all, you must completely verify the physical hardware.
Since neither the packaging nor the actual device are tamper-evident, it is trivial for an attacker to modify the device. I cannot repeat this enough: if you do not verify the physical hardware, it is game over.
You should also verify the hardware whenever someone could have had unauthorized access to it, otherwise you are vulnerable to Evil Maid attacks.
Ledger provides instructions to do this, but I will note two issues with them.
1) The pictures are of varying quality. Ledger needs to provide high resolution images that display every component clearly.
2) The reverse of the device is not displayed at all! It is essential that you verify the back of the device, especially since this is where the JTAG header (a debugging interface) for the MCU resides.
Even if these two issues are resolved, I would question how expensive it is to have one of the MCUs with additional flash memory, but identical pinout, to be re-labelled as an STM32F042K6.
Nevertheless, while it is important to touch on this topic, hardware tampering is not required for the attack I will describe in this article. If we can modify the user interface, we can change the recovery seed that is generated during the onboarding process. This is quite easy since the user interface is open source and Ledger allows you (by design!) to install a modified UX application. Under normal circumstances, the device would display a warning that the “User interface is not genuine”, which would be a red flag for any attentive user. But recall that I promised that I would explain how controlling the display can backdoor the key generation? The reason this attack works is that we can simply hide the non-genuine UX warning. For this demonstration, we’re not going to do anything sophisticated that a real attacker would do, such as generating a random-looking, yet entirely predictable, recovery seed. We’re going to do something much more obvious. If you’re well-versed in C, you’ll note that I’m replacing a syscall to the random number generator with a function call that sets all the entropy to zero. As you can see in the video at the start, it generates a recovery seed where the first 23 words are abandon (the last word is different because it is a checksum). Since the private keys are derived from the recovery seed, if you control the recovery seed, you control all the Bitcoin addresses generated by the device. If we put it all together, we get the following attack which I think is really neat.  Of course, since the SE believes the MCU is running genuine firmware, attestation still succeeds. And, as I mentioned earlier, no hardware tampering was required, which defeats Ledger’s security integrity verification. Since the attacker controls the trusted display and hardware buttons, it is astonishingly difficult to detect and remove a well-written exploit from the device. The problem with an architectural vulnerability like this is that it is challenging to fix without changing the architecture.
Ledger has employed multiple mitigations to try and prevent an attacker from exploiting this vulnerability.
First of all, the MCU firmware has been optimized and rearranged. Specifically, the firmware calls into functions in the bootloader instead of duplicating the functions. While this prevents this particular mode of attack, it’s important to be aware that there are other, more “creative” methods of attack that I know of, and probably some that I don’t know of.
Secondly, the SE now times the MCU when it asks it to send the flash contents. This is designed to prevent the use of compression algorithms. It is also supposed to prevent code being supplied by the computer over USB. I’m not sure how well it succeeds in doing the latter, due to the fact that the code can be kept in RAM.
However, it’s of note that the SE runs at up to 28 MHz yet the “adversary” (the MCU) runs at up to 80 MHz! This throws into question whether a slower chip can accurately time a faster chip to prevent it from doing extra things, especially given the slow UART communication.
Ledger refused to send me a release candidate, so I haven’t had an opportunity to verify how well these mitigations resolve the issue. But these raise an important question.
Is it truly possible to use a combination of timing and “difficult to compress” firmware to achieve security in this model?
Building secure systems using this model seems like an incredibly exciting research proposition and I think it’s interesting to see companies like Ledger pushing the envelope on this. Read the full article here: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/ |
|
|
|
Bitcoin won't suffer. In current times it's clear that a lot people are already aware of Bitcoin's presence, and that won't change. I think it might even result in more money to flow into Bitcoin, than vice versa. All money people invest in worthless services and scams could have been invested in Bitcoin, which is something not many people realize yet. Shady investments always existed in the Bitcoin space, from bogus funds and Ponzi schemes to cloud mining exit scams -- long before ICOs even existed. Bitcoiners have always looked for ways to invest their coins and make a return. And like ICOs, these scams have always had a symbiotic relationship with Bitcoin's price: People buy BTC to invest in other ventures and altcoins. That drives the BTC price up. Altcoin and ICO investment definitely keeps BTC supply off the fiat markets, so bitcoiners should be careful what they wish for when it comes to secondary markets drying up. A lot of dumb money that flows into base currencies like BTC and ETH are just using them as a pass-through for other investments, but in the process they drive prices up. |
|
|
|
@squatter. I don't really believe that miners would be happy to pay for all overages, whatever that would mean. Miners are like pirates and go wherever there's cheap energy. Those were the words of a local miner, not mine. And happy was in comparison to being barred entirely from operation, I'm sure. That's what the moratorium means for new miners, and what it's threatening to do for existing miners. That's typical for medium/large-scale businesses that can afford a noticeable cut into their margins if it means they can keep operating. Nobody's "happy" to lose profits in a literal sense. But you'd be surprised when it comes to large-scale businesses bending over to the man if it means legitimacy and permission to increase scale. The corporate behemoths taking over the cannabis industry in US states where it's legal now operate the same way. They scoff at a 10-20% cultivation tax because of the potential money they can make. From another article: “It would never cost the Plattsburgh citizens any more money to let more miners come in here because the miners are willing to pay for those overages when it's super cold,” Tom Pillsworth, a Plattsburgh local and partner at the second largest Bitcoin mine in the city, told Motherboard. Also, I reckon power companies are willing to pay the consumer for usage of excess energy in the form of discounts because energy cannot be efficiently stored. But the locals are not getting screwed, they are maybe mad because the miners are consuming all the discounts hehehe.
How are residents not getting screwed? The miners are causing overages (i.e. there is no excess energy) which are being evenly distributed to residents just as they are to miners. They're not just "consuming the discounts." We're talking about publicly regulated utilities. If cities and public utility districts hold private interests over public, why do they even exist? |
|
|
|
The less you use the network the less load you put on  There's some truth to this. It's one of the natural strengths of the fee market. When demand spikes, fees naturally force users and businesses to be more efficient -- batching transactions, etc. In that vein, overpaying (because of bad fee estimation) probably has noticeable network effects during periods of congestion. People should consciously consider the urgency of their payments. Don't pay $5 when the toll costs 25 cents. You're suggesting that only 2 possible patterns in node topology can exist. That's false.
And you've chosen 2 topological examples that might cause a certain rate of failure. You've painted an incredibly biased picture by assuming there are limits that don't exist.
If only handful of well connected nodes with high up-time were to open channels with each other, both your scenarios won't happen.
Topology aside, he's got a point regarding the security model of LN. Parties must be online and private keys are required to update settlement transactions. I guess it worries me to think about Mastercard/Amex-level scale on the back of hot wallets. |
|
|
|
|
It's not a ban. It's a temporary moratorium on new permit applications from mining businesses. It doesn't affect existing miners.
And it makes sense. The influx of miners coming for Plattsburgh's cheap electricity were bound to sap up the excess capacity and now it's affecting residents and local businesses. One miner interviewed in another article said miners would be happy to pay all overages to make sure residents are unaffected. I'm sure it's true. But the city needs to establish policies to reflect that.
Right now, the locals are just getting screwed.
|
|
|
|
They're really blurring the distinction between "operating" and "promoting" here, which seems important to me. According to the article, the first three defendants "promised would-be investors major returns if they made initial payments in cryptocurrency." Then they ran fraudulent schemes with the money. But this is what concerns me: A fourth named defendant, Scott Chandler, was accused of promoting Bitcoin Funding Team as well as another alleged scam called Jetcoin. The first three guys involved were obviously operating fraudulent investment schemes. Nothing new there. But if the SEC is going after people who were just promoting schemes that turned out fraudulent? That seems new. I'll bet Trevon James and those other Bitconnect guys are shitting their pants right now. |
|
|
|
Any more clarity on this issue? Specifically for 2017 filing?
I don't think so. We're unlikely to get clarity on the pre-2018 like-kind issue for a number of years, if ever. I've seen several opinions that fall on both sides. Tax advisors seem generally conservative and are mostly opining that like-kind exchanges were never applicable to cryptocurrency in the first place. Some altcoin investors and traders -- naturally, because of the huge difference between short and long term capital gains tax rates -- are trying to argue the opposite. I am not a lawyer. Personally, I wouldn't risk treating past years cryptocurrency trades as like-kind exchanges. |
|
|
|
Why would Jihan Wu wants to get involved with Openbazaar? I do not see the connection between a decentralized e-commerce marketplace and bitcoin miners and ASIC chips manufacturing. I wonder if Jihan Wu is reacting on the latest bans on Facebook and Google? If Amazon and other centralized e-commerce marketplaces starts to ban Crypto currency items, he could just sell his products on OpenBazaar.  There are 2 related objectives. First, Bitmain is expanding and wants to diversify market share after generating unprecedented profits. They want a piece of many different pies. Some of their other recent investments: JoyStream, Simplex, RSK Labs, BitKan, ChainLab, CoolBitX, ViaBTC, Yours, 8btc.com. Which leads into the second objective. Bitmain is trying to build and promote an ecosystem around Bitcoin Cash. Take a look at each company in which Bitmain was considered the lead investor. JoyStream: JoyStream is going live on Bitcoin CashBitkan: Bitkan Launches OTC Bitcoin Cash Trading via Mobile AppViaBTC: ViaBTC Exchange to Use Bitcoin Cash as Base Trading PairYours: Yours.org: Why We Switched to Bitcoin Cash...... Anyone see a pattern developing? Don't be surprised if 8btc and OpenBazaar become increasingly focused on promoting Bcash -- depending on how invested they are. It's possible that Bitmain was only a minor investor and therefore has little influence on the companies. The investment in 8btc earlier this month is more concerning to me, given its influence in China. It's not clear in either case how heavily invested Bitmain is. |
|
|
|
He concludes that since we don't expose Bitcoin public keys when transacting (only hashes of public keys), that our bitcoins are safe.
The problem is that a non-insignificant number of people shares/exposes their extended public keys / master public keys to various wallets, apps and services, and many more could be socially engineered to reveal them. Any idea how this might affect an Electrum watching-only wallet setup w/ offline signing? I don't think the master public key is transmitted to Electrum servers, but that may not matter. Because of the way Electrum verifies, grouping HD wallet addresses together is trivial for the Electrum server you connect to. Can they derive your master public key that way? |
|
|
|
The irony of this thread? It looks like everyone in support of the OP is wearing a paid signature ad. Many of the people you will be penalizing are not. That should be the first sign that you're barking up the wrong tree. Why should someone lose signature privileges because they don't post very often? Or because they're inactive for a while? Or because there's not enough merit to go around? Or because they're not in a social group that customarily merits each other (like Default Trust cliques, the Wall Observer regulars, etc)? How do you even know that merit distribution is adequate to begin penalizing those who don't earn it? If some posters aren't receiving merit, it doesn't necessarily follow that post quality is the determining factor, either. I've seen no change since I said this one month ago: The merit system is very simple: Meritorious posts earn merit. That may have been the stated intent. But is it generally true? Some meritorious posts earn merit. We can agree on that. Certainly, not all meritorious posts are even noticed, let alone merited. You have to wade through a lot of shitposting in e.g. Bitcoin Discussion to find quality posts, and regarding sMerit, I suspect that's not where peoples' energy is going. It's natural for merit to be concentrated in Meta, too. "About the forum" sections tend to be the most community-oriented boards out there. And at its core, merit seems to function like a social media "like" button. I don't see how you can stop people from meriting posts they like or agree with, just as they do with "like" buttons. But something you find agreeable =/= quality or noteworthy or deserving of merit. Not by definition, and not by the stated intent of the system. I'm not too concerned either way, but I think it's a tad dishonest for us to act like post quality is the only determining factor -- or even the most dominant factor -- in deciding merit. It's just not logical. There are social/psychological dynamics that are going unconsidered. I've raised the matter in Meta a couple times, but no one responds. They just continue to cheerlead, "The merit system is working so great!" Well then, let's see some statistics, please. And a handful of anecdotal data points about "exceptional posters" isn't nearly enough (IMO) to start actively penalizing most forum members. My sense is that there's too much passing around of merit within social circles and not enough given for thoughtful posts. And you can be damn sure that no matter how meritorious a post is, you will not receive merit if your opinions are not agreeable. Nobody hits the "like" button when Debbie Downer is bringing everyone down. But this is a fucking forum. How popular you are (or the extent you're willing parrot popular opinions) shouldn't decide whether you can display a signature. It's fundamentally problematic to penalize people on such an uneven, subjective basis. That's the opposite of what a forum should be. Do you want people to freely exchange ideas? Or do you want to create incentives so they post when they don't want to, and express ideas they don't agree with, just to make sure they crank out enough merit? Merit can (and is being) gamed, and winners and losers will be created -- and not clearly as a matter of post quality. That's okay if the result is an unevenly distributed impediment on the ability to rank up. Big deal, right? But I don't think it's okay if we're talking about stripping basic forum functionality from most users. Fuck that. I do understand your point. I did try and make the requirement as minimal as possible for this reason. One Merit in the last two months doesn't really require being that active. Also, it is only tempory as the signature is only hidden until they do get a merit point.
What's your basis for saying that? Your anecdotal experience in the context of the initial sMerit distribution? There are millions of forum members. Something like users must earn 5 merits a months for their account to display a signature
I really hope theymos doesn't stand for this kind of bullshit. I suggest prohibiting signature campaigns entirely as an alternative. |
|
|
|
|
Show Posts
