I've been asking myself this question for a while now. We have to remember that Bitcoin is no longer an experimental payment method - it is now a competing currency and is now recognized to be a viable threat to the existing financial system.

I have no doubt that Bitcoin users are now under increased scrutiny by the government for many reasons - including to try and discredit them in order to hurt Bitcoin's image. Take a look at Charlie Shrem as an example.

How does a tinfoil-hat-wielding Bitcoin user cash out truely anonymously? I know that cashing out anonymously has been discussed many times before but there are problems with all of the methods I have seen.

What we want to do is convert to cash, just to be clear.

Face-to-face cash
The main problem is of course that the other party knows who you are (what you look like, phone number etc).

I was going to do a f2f trade with someone before, prior to the trade I background checked his username and the guy had posted online that he buys from Silk Road and hinted that he sold drugs. So when you meet someone they could very well be an amateur drug dealer. This is obviously very bad for many reasons, they could be under surveillance. What will the police think when they see a dealer handing you lots of cash?

I've refrained from doing f2f transactions because I do not like the thought of meeting a stranger. Where are the best places to meet? How do these usually go down? has anyone had any bad experiences?

Cash in the mail
Same problem as with f2f, the other party has your address and knows who you are. You could use a P.O. Box but you still need ID to open one. The other thing is its possible the cash is stolen in transit or intercepted. You are going to come under increased scrutiny if post office/customs see you are getting cash in the mail every week.

Western Union
I've never used WU before. What information do I need to give? How does the process work, what do I have to bring with me? Does WU give any guidelines on how they hold the information and under what circumstances they give it out?

Anonymous visa
There are a bunch of these anonymous visa cards going around which are issued by banks in Poland. It looks like people are somehow able to open accounts with fake details and they then send you the visa card in the mail. It's supposedly legal. It sounds great but I have heard of customs seizing the cards or even the bank disabling them. Does anyone know what the legality is with these?

Does anyone have any ideas or know how one can cash out truely anonymously? Please share your technique and if I like it I will tip you!

This is something that has been bugging me so much for the longest time.

People use Bitcoin to escape the financial system, to escape the control of governments. Yet when something bad happens they go running straight back into the arms of the government demanding help. "oh no I've been scammed! government save me!".

If you use Bitcoin, you use it at your own risk. Everybody who had money on Mt Gox should have known the risks. If you lost money you have nobody to blame but yourself as you and only you undertook the risks knowing full well that MtGox or even a hacker could've ran for the hills with your money at any moment. If you have your money stolen, deal with it yourself and move on. Don't involve governments to save you from your own mistakes.

Bitcoin has grown too big and I don't like what its turning into.

Actually thats not so likely. The forum uses SSL encryption with perfect forward secrecy. It's unlikely the NSA obtained copies of PM's unless either:

a) either you or the receipient were the victim of an SSL MITM attack when sending/receiving the PM.
b) theymos or the hosting provider has given the NSA access to the forums database.
c) spyware on recipient or senders machine.
d) backdoor in forum software

A is completely preventable thanks to Theymos. You can verify, store and manually check the SSL cert because theymos signed a PGP message containing the certs fingerprint. SSL observatories built into browsers such as TOR browser also mitigate the risk of an SSL MITM.

B is unlikely

C is probably the easiest way to do this

D is incredibly difficult to do because the forum software is open source


Yes, but unfortunately that is not always an option and sometimes people slip up and do not encrypt information and realizing months later that they should have.

Wangbus is working on the new forum software. It's not clear whether he needs the database schema or content or just specific tables, but this post gave me quite a scare considering there are many users here who need high levels of privacy.

For example, one user here who is a government whistleblower claims that letters they sent to EU officials were intercepted by corrupt customs officials. This person uses Bitcoin for all of their finances due to their bank accounts being frozen and does most of their Bitcoin transactions via members of this forum. It's not farfetched to assume that the government involved would like to learn more about this persons finances.  It is also likely that there are other users here in similar situations who may not want powerful entities reading their PM's on this forum and I'm sure the majority of users have at least one message they would like kept private.

I have no reason to believe that this software development company would spy on private messages but the problem is we can't know for sure and on top of this we have no idea how the database will be handled. If they do require the database content and if the database is not properly encrypted before transfer to Slickage Studios or not properly destroyed after it is quite possible it could be obtained by a malicious entity.

It is also possible that spyware on an employee's machine may also be able to obtain the database - governments are known to use BIOS-based spyware which is almost impossible to detect and requires specialized hardware to remove.

This is an unnecessary risk so if you have private PM's - you should be encrypting them - but if you haven't been then I'd recommend deleting them from your inbox and sent folder and also PMing the recipients and have them remove them from their inbox and sent folder also. This will remove them from the live database so you won't be exposed to any unnecessary risk should they be given to the software development company. We should always assume the worst case scenario and hope for the best...

Encrypt it with PGP...

I'm interested. Let me know if I'm eligible

Email is already decentralized in the sense that anyone can set up their own mail server. Any email can be encrypted too with PGP regardless of the provider.

However we have a p2p messaging system but I wouldn't recommend it yet until it's a few years older. When it comes to crypto it needs to be studied for a few years before we know if its safe and know all the risks:
http://bitmessage.org

We could do with a better one though, bitmessage has a lot of design flaws and doesn't scale well at all.

Most people think that right up until it matters.

Ever watched porn? the NSA knows which ones you watch.

Lets pretend you were secretly gay and decided to question the governments authority. They could use that against you, they could threaten to out you unless you stfu and they have done exactly that before.

It's not good to have the NSA collecting this information. What about a rogue employee? a hacker? ANYONE could get access to it. They seem to think that when they place backdoors in software/crypto that only they can use them and that when they collect info only they can access it. Not true at all!

But the problem isn't that the NSA collect it, its that people voluntarily give their private information up. It isn't just the NSA who do this, of course every government is secretly doing it, large corporations are doing it and even criminals. I say let the NSA collect all they like, it's the people that need to stop.

Of course.

According to the Snowden leaks, the aim of the NSA isn't to just collect information on terrorist threats to the nation, their aim is to collect information that is "beneficial" to the nation. If a corporation foreign or domestic has information that is useful they will collect it and use it, whether it be financial records, source code, or blueprints for new inventions.

http://www.liveleak.com/view?i=f93_1390833151

I've done some background checking. I don't have much on Wangbus yet but I do have some stuff for Ed (taesup).

Resume:
https://sites.google.com/site/taesup63/EdwardKimResume.pdf

Blogs:
https://sites.google.com/site/taesup63 - has some previous projects
http://taesup.com/blog
http://taesup.blogspot.ru/

Social:
https://twitter.com/taesup

github:
http://github.com/taesup

Thats not what happened at all. We want forum software, we all do, but we're not happy with the way things are being handled.

A while ago Theymos offered 5500BTC to make the forum software and had people from the community contact him:
https://bitcointalk.org/index.php?topic=50617.0

Hundreds of people contacted him, some people with extensive portfolio's and some people that were well-known and trusted by the community. After reviewing hundreds of people Theymos decided that he wasn't happy with having anyone other than himself make the forum software.

I can understand that because if you want something done right you gotta do it yourself and unlike Bitcoin where you can just send money to an exchange and get BTC, there isn't an exchange that you can send money to and get good forum software.

Theymos is still in college etc so he didn't have any time to make the software himself. So after a year or so of stalling he decided to hand over $350k as part of a million dollar contract to a software development company that is unknown to the community without telling anyone - not even other bitcointalk.org staff.

Unlike the previous offers this particular software development company does not have any public portfolio or even a company website. They also refuse to show us any previous work at all claiming ALL of it is NDA - we have yet to see a single line of code that was written by them. I am not sure if you realize this, Slickage Studios, but that money was donated by the community over the past number of years so all these people who are asking questions are the ones who are paying the bills, not Theymos - in fact I don't think he paid a penny of his own money.

Theymos hired this company without even telling us and this was the wrong thing to do, he should have posted here beforehand letting us know his intention to hire them and had us grill the company seeing as we were the ones paying for it.

In addition to this it is many people's opinion that the cost is excessive. You can argue that x cost x to make or x got so much in IPO money but lets not forget that the Satoshi Bitcoin client cost $0 to make and has spawned an industry worth a Billion dollars.

In the end of the day Slickage Studios were not the only bidders for this project and many more established dev companies were willing to make it for less (5500BTC was $150,000 at the original time of offer). In addition to this Slickage Studio's are not Twitter, Facebook or VBulletin and they cannot justify their costs by quoting their expenses. Also most of the people here would not like a startup working on this project but rather an established company with verifiable history and a track-record.

This is what has happened. This is why people are mad. Anybody would agree we have a right to be mad and highly suspicious of this entire thing.

PHPBB isn't much better with regards functionality, does not handle big forums well at all and it is far less secure in general compared to SMF. The code is very messy and pretty sketchy in places and there a ton of file inclusions in PHPBB - that is not a good combination!

It doesn't have the best track-record when it comes to security either:
http://www.cvedetails.com/vulnerability-list/vendor_id-1529/Phpbb.html

Here is SMF's:
http://www.cvedetails.com/vulnerability-list/vendor_id-2069/product_id-3598/Simple-Machines-SMF.html

Don't get me wrong, SMF sucks, but most forum software does. It's a good thing BitcoinTalk is making their own and even better that its being released open source, I'm just not liking the lack of transparency and I hope the costs will be justified in the end.

This is where it gets complicated (lol)
https://en.wikipedia.org/wiki/Hacker_%28term%29#Hacker_definition_controversy

Essentially the term hacking covers much more than just subverting security.


Lets take a iPhone. You root it and install Cydia and decide to use free apps instead of the App Store. You have took advantage of Apple because they sold that iPhone at $600 and were depending on you to purchase apps to make most of the profit. You've now defeated their DRM and have caused them to lose out on this profit they budgeted for. You could say it is selfish and it is also illegal in many jurisdictions in some cases for this very reason: https://en.wikipedia.org/wiki/IOS_jailbreaking#Legal_status

In a way, we have the same definition and in a way we don't.

In a simplified way if you don't break a law it's whitehat. Rooting is phone isn't "blackhat" and neither is hacking an elevator. Blackhat hacking would be outright stealing the 100BTC. Stealing 100BTC and then returning it later and informing them would be greyhat. Informing MtGox and not stealing it would be whitehat.

Whitehat hacking can be for personal gain which is why I said "fun and maybe profit" but as long as it's "legal" (relatively) and victimless I don't see how its blackhat.

I abuse all glitches that I can find, always. It's how I live my life, if I find a "glitch" it's abused, whether is rooting an android phone or preventing an elevator from stopping at other floors on the way down. And I'm not the only one who does this either. They call us "whitehats" and we're not going anywhere

So if you don't want your shit "glitched" then do your job properly and don't leave any glitches behind - especially glitches that have a wiki section dedicated to them - because eventually it will be found and abused for fun and maybe profit.

Stop thinking that people won't abuse glitches. The only way to stop people abusing them is ensure the glitches do not exist.

Bump. Still looking

EDIT: No longer needed.
(mods leave thread here because I may reopen it in near future)

The scam accusations board has so many threads that its now unreadable.

I suggest we add sub-boards to keep it organized, for example:

Group-buy scams
Loan scams
"Hacks"
Fake beggars
Matthew N Wright
Fake ASIC companies
Ponzi schemes
Trusted users who have gone rogue
PayPal
Scamcoins (excluding shitcoins and trollcoins)

Do you want to see these subboards added?
Theymos has promised me if we hit 21 million yes votes he will implement them within "a year or so" at a cost of around $350k so please leave your vote in the poll!

LOL! It's vulnerable. I can change the transaction ID in the block still and if you are using the transaction ID to track the payment it'll appear gone to you. Your client will notice the new tx as it gets broadcasted to it but it won't "know" that its actually the other tx.

Of course the client does not "lose" the BTC, no client that I know of does that when the txid is changed in transit.

no one knows how much was stolen. It's quite difficult to noticed 10BTC missing out of hundreds of thousands. You could easily write that off as a mistake. That could be extra transaction fees that accumulated.

But the thing I will say is once this attack was executed it would be very obvious what has happened because when Gox tries to spend the change those transactions won't work etc etc.