Show Posts
I am replying here after a few severely disappointing PMs exchanged with the dev.
I wanted to warn about the screenshot malleability risks and propose instead message signing as a proof of Gox balances, using the leaked database.
I dislike my email being spammed, so I PMed the OP with a signed message pointing to a tx (gox deposit) that uniquely identifies my account and then the balance of that account. S/he replied claiming that I proved nothing and stubbornly insisting in screenshots. These PMs have nothing private from either part, so I reproduce them here below.
Sincerely, I do not think that the airdrop will take place. Even if it does, it will be heavily abused. The saddest point is that we had tools that could have made a fair rehab possible.
Some thoughts about KARPELESCOIN:
- The affected should not be required to a priori trust you. E.g., with their emails / usernames / screenshots. I am not saying that you are going to misuse these informations, only that you certainly could.
- I think that you should not trust screenshots. People could easily falsify them. The vast majority of people will act on goodwill, sure, yet the 1%o scammers will try to scam.
- You can use the leaked MT.GOX database, as many users at this forum and elsewhere have confirmed its authenticity.
An idea, which you can consider as my rehabilitation request:
-----BEGIN BITCOIN SIGNED MESSAGE-----
The following statement cannot be used as a proof of balance, proof of
address ownership, proof of loss, or similar procedure, nor any other
legal or nonlegal procedure linked directly or indirectly to MT.GOX.
The single only exception to the previous clause is the KARPELESCOIN
rehabilitation process.
--Claim 1--
The leaked database, file btc_xfer_report.csv, contains the following entry:
49f82903-e8db-42f1-a4e8-ceb7fc1cbe9f,6a1c9089-6825-4676-b65e-9eaac82c2ea3,
"2013-05-23 04:32:03",deposit,0.40236512
This entry is the only one of this exact amount. The amount, but also the
date and time, coincide with the following bitcoin transaction ID:
c77b8ba3935068f2ebae6bebe90c16f81c5104ff8cd635a4bcc20d7a5066242b
I claim that this transaction was a MT.GOX deposit. I also claim that the
sending address in this transaction is the same as the one signing this message
or, in other words, that I made this deposit.
--Claim 2--
The previous claim implies that the mentioned account:
49f82903-e8db-42f1-a4e8-ceb7fc1cbe9f
was my MT.GOX account. From the leaked database, file mtgox_balances,
this account reveals an accounted balance of 221297143 satoshis.
Consequently, my bitcoin balance at MT.GOX was 2.21297143 BTC.
-----BEGIN SIGNATURE-----
154akceYpNr1mAcbRujQi68aKEGtRu9JP1
G/yqXJ9uyZpchM1/sY6c+E2R+YjBjvaE948jrPxrP649V3L1U7y5J5pFWVUCABxAv8wra2NoU/hqp6JQCSCE8z8=
-----END BITCOIN SIGNED MESSAGE-----
I have put the message in http://brainwallet.org/#verify format, but you can use your favorite verifying method.
- The affected should not be required to a priori trust you. E.g., with their emails / usernames / screenshots. I am not saying that you are going to misuse these informations, only that you certainly could.
- I think that you should not trust screenshots. People could easily falsify them. The vast majority of people will act on goodwill, sure, yet the 1%o scammers will try to scam.
- You can use the leaked MT.GOX database, as many users at this forum and elsewhere have confirmed its authenticity.
An idea, which you can consider as my rehabilitation request:
-----BEGIN BITCOIN SIGNED MESSAGE-----
The following statement cannot be used as a proof of balance, proof of
address ownership, proof of loss, or similar procedure, nor any other
legal or nonlegal procedure linked directly or indirectly to MT.GOX.
The single only exception to the previous clause is the KARPELESCOIN
rehabilitation process.
--Claim 1--
The leaked database, file btc_xfer_report.csv, contains the following entry:
49f82903-e8db-42f1-a4e8-ceb7fc1cbe9f,6a1c9089-6825-4676-b65e-9eaac82c2ea3,
"2013-05-23 04:32:03",deposit,0.40236512
This entry is the only one of this exact amount. The amount, but also the
date and time, coincide with the following bitcoin transaction ID:
c77b8ba3935068f2ebae6bebe90c16f81c5104ff8cd635a4bcc20d7a5066242b
I claim that this transaction was a MT.GOX deposit. I also claim that the
sending address in this transaction is the same as the one signing this message
or, in other words, that I made this deposit.
--Claim 2--
The previous claim implies that the mentioned account:
49f82903-e8db-42f1-a4e8-ceb7fc1cbe9f
was my MT.GOX account. From the leaked database, file mtgox_balances,
this account reveals an accounted balance of 221297143 satoshis.
Consequently, my bitcoin balance at MT.GOX was 2.21297143 BTC.
-----BEGIN SIGNATURE-----
154akceYpNr1mAcbRujQi68aKEGtRu9JP1
G/yqXJ9uyZpchM1/sY6c+E2R+YjBjvaE948jrPxrP649V3L1U7y5J5pFWVUCABxAv8wra2NoU/hqp6JQCSCE8z8=
-----END BITCOIN SIGNED MESSAGE-----
I have put the message in http://brainwallet.org/#verify format, but you can use your favorite verifying method.
About Name, Lastname, are not required.
About email, it is a contact email. it is requierd like a way to contact for 1) edit or collectmore info, 2) find out trust. So, it is possible to create an email ad.hoc, so I think there are not concerns about privacy.
However, IP is registred for an account of requests, but other many sites do it too.
About leaked Mtgox database, it is a nice info, but the bind of account and BTC address is missing, I think.
Thanks for reading my message.
Let me insist: My problem is not with emails/IPs but with gox username, balances and screenshots. If someone hacks into KARPELESCOIN database then s/he can impersonate all your users at MT.GOX trial (e.g., through mtgoxrecovery) or try it at least with those screenshots.
Also, yes, you can use the leaked database. Please read again my signed message. I just proved to you that I own the 154akceYpNr1mAcbRujQi68aKEGtRu9JP1 address and, only with public information, that my account at MT.GOX had 2.21297143 BTC right after they shut down. Do not trust me: please go verify it. Logical steps are (leading to my claim 1 and claim2):
- Me, the signer of the message, owns the 154akceYpNr1mAcbRujQi68aKEGtRu9JP1 address as the message is signed with its corresponding private key.
- This address (tx outputs assignedhas to it) sent a transaction, c77b8ba3935068f2ebae6bebe90c16f81c5104ff8cd635a4bcc20d7a5066242b which I claim was a MT.GOX deposit.
- You do not need to trust this previous claim: transaction shows a public amount and timestamp at the blockchain. The leaked database has an entry that uniquely coincides with it and that labels it as a deposit to account 49f82903-e8db-42f1-a4e8-ceb7fc1cbe9f. (the amount is unique for the entire database for my case; amount and time identifies most other entries and people likely had multiple deposits/withdrawals in case one of them was not unique in the database). Looks perfectly usable.
- I proved that 49f82903-e8db-42f1-a4e8-ceb7fc1cbe9f was my account only with public information. The leaked database shows 2.21297143 BTC for that account.
- Consider this my KARPELESCOIN rehabilitation request. Assign me a rehab id and PM me when you are distributing the KARPELES.
Last but not least, even when not fake, screenshots were all of them taken before shutdown. A malevolent user could had screenshot their BTC balance and later sold them all at BitcoinBuilder (which worked until the last minute). The leaked database was taken after it had shutdown (trading halted, internal transfers halted, so database frozen).
Cheers,
I think it is my bad you are misunderstanding my words, sorry.
Obviously rehab decision will not rest just on a screenshot or a leaked database, as they are perfectly manipulable sources. The true decission will be from ALL Knowledge Bases provided by multiple source of information.
Emerging truth will be got by means of applying simple but effective statistical rules.
Regards.
PS: about your rehab, I highly recommend you submitt a request in order to be processed. Leaked Database dont prove any at all, because like a single source, it can to have been manipulated. Really the only truth about your message it you have signed a message with 154akceYpNr1mAcbRujQi68aKEGtRu9JP1, but it is not proved this address be affected by tx-id, as it is leaked and coulb to have been manipulated. It is need crossover all sources and get a truth level.
http://www.karpelescoin.org/request.php
