I don't know the stats -- I don't frequent the boards where most of these types of scammers hang out (only where the Trojan-peddling scammers hang out), so I'll take your word for it.


That's a straw man. I'm arguing that calling a woman a scammer because she mentions she is one is not sufficient cause. You're arguing that individuals who obviously have no legitimate purposes on this forum (Nigerian princes) should be called out as scammers (about which we all agree).

The analogy is inaccurate. Exactly 0% of the world's population today qualify as Nigerian princes. Just under 50% of the world's population are female, and so such a claim (of "I'm a girl") made on the Internet should not be met with such exceptional scrutiny.

In my mind, it comes down to three things.

---

1. How sure should you be that someone is a scammer before accusing them (or loudly warning others)?

In other words, is it OK to accuse people if you're 90% sure (ChuckBuck's stats) if that also means you end up falsely accusing the other 10%? Should it make a difference if the accusation also has the potential to alienate a lot of others?

---

2. What kind of evidence is acceptable to use? Simply being a female is clearly not acceptable evidence. Claiming to be a Nigerian prince clearly is acceptable. What about claiming openly to be a female (different from simply being one)? Is this acceptable to use that as evidence?

---

3. What are the wider implications?

I don't know or care if fabiola! is a scammer or not, but:

Regardless of the scam%, what does it say about our community if we state that it's not acceptable to claim openly you are a female here on these forums? (of course, nobody cares if you claim openly you are a male)

Is it important that we, as a community, attempt to be welcoming to the "other 50%", especially given the current imbalance?

What if, in our attempt to be welcoming, we ignore potential scams? What if people lose real funds because they fall for scams about which some of us could have warned them?

---

There are two sides to this. I don't think hilariousandco (or most of the other individuals in this thread, obvious trolls excluded) are sexist. But I do think the line is often drawn in the wrong place, in a place that makes Bitcoin seem like a nerdy-guys-only club, and that will benefit nobody in the end.

I'm not aware of any way to do this without some risk. If your wallet file is ever compromised, even if it's password-protected by Armory, or even if it's a watching-only wallet, then whoever has both it and one of your private keys can gain access to all of them.

It may be less convenient to use new addresses with a web wallet, but it's the safer choice.

If you're 100% sure that nobody has or will gain access to your wallet, then it should be safe, but it's hard to be 100% sure...

Originally, l.j2300 asked if it was risky to non-exported privkeys if some, but not all, privkeys were exported from Armory to a web wallet. My answer (even though I got the details all wrong and goatpig corrected me) was no, don't do that, instead just transfer some bitcoin from your Armory wallet to a new convenience web wallet.

I'm not sure, but I think l.j2300 had a reason to want payments to some pre-existing addresses to go straight to a web wallet. For this, I said the best option is to go ahead and export/import the privkeys from Armory to a web wallet, but then stop using the old wallet entirely (and then create a new Armory wallet for additional savings not stored in the web wallet).

As far as I know, these are the only two safe options. I don't see a safe option for using some existing addresses with Armory, and some with a new wallet. You should really use your existing addresses in one place or the other, and then create a brand new wallet in the other location. If you go against this advice (and use your existing Armory privkeys both inside Armory and in a web wallet), I don't think you'll be instantly compromised, but it's a bad idea...

I have a quick question for you, having just browsed a bit of the GitHub repo. Are you using the Nymi SDK? Do you know what the licensing terms for it are? How redistribution of it works? I can't seem to find any info on their website....

Thanks.

The initial post, quoted below, after which you decided to respond with a "SCAM ALERT", did none of these things...



I've already conceded that such behavior could indeed be relevant, but it's far from sufficient to start throwing around accusations, or even just warnings.


I strenuously disagree. The fact that there are disproportionately few women interested in Bitcoin absolutely should be topic of conversation, as should the fact that so many women who do choose to participate in the forums choose to hide their sex. I don't claim to have a solution, but having such an unwelcoming post in the Beginners & Help section certainly doesn't help.

Ultimately, I think we all need to decide what kind of community we'd prefer to continue building: one based on Assume good faith or one based on Fear, uncertainty and doubt. We should all have a healthy amount of fear (but let's call it skepticism), but there's such a thing as too much.

In short, I think your initial post crossed a line, and does more harm than good.

Pot... meet kettle....

Take a look at these two recent threads, this one by user Supraman, and this one by user grumpyoldtroll (whose first word in his post is "Guys,"). Both are newbies, both are asking questions that have been asked a hundred times before that could easily have been answered by a web search, both are guys. They both got warm welcomes and/or informative responses.

Now take a look at this thread, with someone asking a question that hasn't been asked a hundred times before, but a girl, and the first couple of responses (hilariousandco and serje) were anything but warm, in fact I'd call them downright disgraceful.

As far as I'm concerned, anybody on this forum could be a scammer, and I'd never do business with anyone until being convinced otherwise. But it's completely inappropriate to throw up a red flag unless you have real concerns or evidence, and not just "but she's a girl! and lots of guys lie and scam pretending to be girls!" Even though I fully concede that statistics might support the latter, it's nonetheless perpetuating a sexist stereotype.

There are no personal attacks intended here... it just saddens me when people who are clearly a significant benefit to the Bitcoin community come forward with posts such as those above.

[/rant]

fabiola!, welcome to the forums.

Unless there's a good reason to keep things private, discussing them publicly is preferred because it can help out people later on with the same problems.

Can you describe the problems you're having? Which wallet software are you using? Have you added a password to the wallet?

So a wallet file of any type (even watching-only or encrypted) plus any single privkey from that wallet would compromise all of that wallet's privkeys... thank you for taking the time to correct me. I'll try to be more careful in the future.

l.j2300,

My sincere apologies for the misinformation, I should know better than to post "answers" if I'm not 99% certain....

This is normal behavior even though it is a bit confusing.

Without rpcallowip, Bitcoin creates two separate listening sockets for RPC, one for each localhost address.

When you create a listening socket with IPv6 that's not bound to a specific IP, you have the option to allow the socket to listen on IPv4 at the same time. With an rcpallowip option, Bitcoin does just that: it creates a single socket, not bound to a specific address, that is listening to both IPv4 and IPv6. Such a socket will only be listed once by netstat, which definitely is confusing, but it's just the way things are.

In other words, you should be troubleshooting under the assumption that Bitcoin is listening to both IPv4 and IPv6. (Bitcoin Core 0.9.3 will have a way to specify which IPs to bind to, which if used will disable this behavior.)

I don't know where the problem does lie, but it's not where you're looking right now....

It's not quite that bad. If one address is compromised, and your encrypted wallet file is also compromised (even if the password remains unknown), then some of the rest would be as well (addresses, including invisible change addresses, that are created after the one that's compromised).

It's up to you to decide how risky you think this is...

If you have a good reason to import some addresses to an online wallet, you could also create a new Armory wallet and try to keep most of your bitcoin in the new wallet, and treat the convenience wallet as less safe.

As I assume you already know, the addresses you choose to export will be at more risk.

In particular, Blockchain is an online wallet whose software is effectively "reinstalled" each time you visit their web page (because it's reloaded from their servers during each visit). This makes it easier for someone (presumably an outside hacker) to replace the software with a Trojan which steals your privkeys.

There's also the possibility that a hacker might steal your encrypted privkeys directly from the Blockchain servers and brute-force your passwords if they're simple enough. You can guard against this by using a better password, and also by changing the iteration count from 10 (which is pointlessly weak if you ask me...) to something greater. (It's under Account Settings -> Debugging.)

Finally, there's an issue inherent in HD wallets: if someone has both your watching-only wallet and a single (non-hardened) privkey, they have access to all of the privkeys which follow the one privkey they have (all Armory privkeys are "non-hardened".) Likewise, if an adversary has your encrypted Armory wallet, even if they don't have the password, this is effectively the same as having a watching-only wallet: that plus a single unencrypted privkey would be enough to access all of the privkeys which follow.

If I were you, and I were interested in an online wallet for convenient access to a smaller amount of bitcoin, I'd open an account and transfer some bitcoin to the online wallet. If you prefer an online HD wallet to make backups easier (like Armory), you could consider GreenAddress.it or BitGo.com (I find the former a bit more secure, and the latter a bit easier to use for newbies, but that's just my personal opinion). Both of these are also multisig wallets, so they also offer additional protection against malware.

Starting sometime around the late 1970s, the Mexican Peso started experiencing extreme inflation. By the late '80s, the price of a loaf of bread was thousands of pesos. The Mexican government introduced the "new peso" whose value was equal to exactly 1000 "old" pesos. In other words, they simply created a 1000-peso coin, but they called it a "new peso" instead of a "1000-peso" coin.

Bitcoin might one day have the same problem, except in reverse (because Bitcoin is deflationary), but the solution is similar. Introduce a unit that's smaller than a single satoshi (maybe you could call it a dannyhamilton?). It would require a bunch of software changes, but it's entire feasible, and it's entirely fair.

Could be bad RAM (this happened to me) or a bad HD sector (less likely).

Head on over to http://www.memtest.org/, and either burn a bootable ISO or use the "Auto-installer for USB Key" to create a bootable USB flash drive, and then boot from it and let it run overnight.

If that doesn't help, there are tools that can test for bad drive sectors too (although you probably shouldn't run them too often on SSDs...).

Here are the steps. I'm assuming that you're running Windows 7 (or earlier) and the external drive is D:

It looks really long, but it's not actually that bad. The only reason it looks so long is that I spelled out every step in detail assuming that you're not really a "Windows person" (if you are, I'm not being intentially condescending....)

1. Create 3 new directories. D:\AppData, D:\AppData\Bitcoin and D:\AppData\Armory.
2. Start Armory, go to File -> Settings, and change the Bitcoin Home Dir setting to D:\AppData\Bitcoin then click Save.
3. Quit Armory.
4. Click the Start (Windows) button, then Run, and type in this then click OK: %appdata%\Bitcoin
5. You'll need to copy all of the files in this folder to D:\AppData\Bitcoin. One way to do this is by pressing Ctrl-A and then Ctrl-C, then typing D:\AppData\Bitcoin into the address bar (pressing F6 first will put your cursor in the address bar), and the pressing Ctrl-V.
6. Return to the address bar, type in this then press the Enter key: %appdata%
7. Rename the Bitcoin folder to Bitcoin-unused.
8. Return to the address bar, type in this then press the Enter key: %appdata%\Armory\databases
9. You'll need to copy all of the files in this folder to D:\AppData\Armory. One way to do this is by pressing Ctrl-A and then Ctrl-C, then typing D:\AppData\Armory into the address bar, and the pressing Ctrl-V.
10. Return to the address bar, type in this then press the Enter key: %appdata%\Armory
11. Rename the databases folder to databases-unused.
12. Click the Start (Windows) button, then find Bitcoin Armory, but don't click on it yet.
13. Instead of left-clicking on Bitcoin Armory as you normally would to start it, right-click on Bitcoin Armory, then click on Properties.
14. In the target field, move the cursor to the far right (past this part: ArmoryQT.exe") and then add a space to the end and add this: --dbdir=D:\AppData\Armory
15. Click OK.
16. Click the Start (Windows) button, then find Bitcoin Core, but don't click on it yet.
17. Instead of left-clicking on Bitcoin Core as you normally would to start it, right-click on Bitcoin Core, then click on Properties.
18. In the target field, move the cursor to the far right (past this part: bitcoin-qt.exe") and then add a space to the end and add this: -datadir=D:\AppData\Bitcoin
19. Click OK.
20. Start Armory normally, and let it finish syncing, and then quit Armory.
21. Back in Windows Explorer, return to the address bar, type in this then press the Enter key: %appdata%.
22. Verify that there is no Bitcoin folder present. If so, delete the Bitcoin-unused folder.
23. Double-click the Armory folder.
24. Verify that there is no databases folder present. If so, delete the databases-unused folder.
25. AT YOUR OWN RISK: empty your Recycle Bin.

Anytime you upgrade Armory, you'll need to repeat steps 12 - 15. Likewise, anytime you upgrade Bitcoin Core, you'll need to repeat steps 16 - 19. Hopefully, that should be it.

For people who would prefer a full node, but don't want to go through the extra hassle, you might want to consider Armory. It will help you download and install Bitcoin Core (which is required for Armory), and it will automatically download a bootstrap.dat (via its own built-in BitTorrent client). You could even uninstall Armory after this initial process completes if Armory seems too complex, and still be left with Bitcoin Core installed and synced.

I rebased the pull request, it should be OK to merge now (it was just a conflict in the version number which I shouldn't have touched to begin with...)

Thanks

Mycelium PINs do not offer a lot of security, see here for more details.

Some PIN schemes do offer decent security, for example GreenAddress PINs are quite secure (see here for more details).

Got it, thanks.

Also, are you a co-author of the paper? I didn't mean to exclude you by calling it exclusively "gmaxwell's blinding scheme"...

I'm glad things worked out

Keep your eye on MultiBit HD - it allows you to make a paper backup that can protect you against forgotten passwords and damaged hard drives. It's still in a testing phase though - if you can't wait, you could consider Electrum or Armory which both offer similar backup solutions.

(I haven't tried MultiBit HD yet, but I have high hopes for it.)

I don't mean to be argumentative, but... Blockchain doesn't help against malware.

Only online wallets which offer per-transaction two factor authentication have any meaningful protection against locally installed malware (and even then it's not perfect).

Blockchain is pretty much a desktop wallet which happens to store both the software and your encrypted wallet on their servers. With this model, they couldn't offer per-transaction 2fa even if they wanted to. (I don't mean to bash them, that's just the way things are).

As far as I know, the only online services that can offer per-transaction 2fa, and therefore improved malware resistance, are multisig online wallets, and online wallets who completely control your keys (e.g. Coinbase).

Of these, I happen to know that GreenAddress.it does offer per-transaction 2fa, and I think that BitGo.com does too (both are multisig online wallets, and therefore share control of your wallet keys with you). I'll bet some of the online wallets that completely control your keys also offer per-transaction 2fa, however I don't know which do and do not. One of these is probably your best bet if you think you're not running in a secure environment.