I got this PM, I forget what I posted Interesting nevertheless.

About 1, well sure thats something, but after posting for a number of years you'd be surprised at what can be found out. Law enforcement have used this to identify prominent hackers in the past, I recall one hacker who as identified from 9 years worth of IRC chat logs, they were able to determine his politicial views among other things and essentially "worked" backwards once they found their suspect.

So lets say they read your posts and find out that John Doe fits the profile of malevolent based on your political views, writing style, information leaks etc. They can work backwards and try to link John Doe to malevolent in order to prove and that John Doe is malevolent. They can do things such as tor timing attacks and using your ISP to do deep packet analysis in order to prove John is malevolent.

Deleting posts is more of security by obscurity, your posts may be stilled indexed by websites such as Google cache and web.archive.org, its also included in forum backups and its possible at least one person is scraping posts on this forum, especially considering we've recently had a number of high profile users posting here such as Ross Ulbricht. Some forums have RSS feeds too and if thats the case it will be in the cache of thousands of users RSS software.

In fact the case against Ross Ulbricht would be much weaker if he had been using an anonymous account to post here.

Because of this


For example, in one post a user mentions being from the UK, on another he mentions being an avid player of an online video game, in another he reviews the bitcoin exchange he uses, in another he mentions his brothers name. Over time these little pieces of information can be used to build a profile of the actual user and possibly deanonymize them.

The trust system is seriously flawed. A few users on the forum are essentially monarchs of the system because most people do not update their trust lists. Everybody should be very suspicious of all positive and negative feedback.

You really should look into why people have received neg trust/scammer tags. If you look carefully you'll see I actually have positive trust and was tagged a precaution as it is suspected this account was used to defraud the ripple giveaway.

This account doesn't belong to me, by looking at the post history I see at least 3 people have posted on it. The original owner used it to advertise his hidden service marketplace and the other users are now using it to post anonymously and in one case, troll.

I give you 8/10 as you made me reply.

I will code the plugin to do this if there is a small bounty offered for it.

The pay-per-post could also have another interesting function. If an anonymous user needs to prove they are a previous poster, they could sign a message from the address they used to pay-per-post to prove so.

Nailed it.

How about to post anonymously the poster needs to deposit a few cents worth of BTC?

Perhaps the BTC could be sent back to the poster after a period of time, unless the post is considered spam by a moderator.

Thermos get in here!

A large number of people who use this forum attempt to post anonymously (including myself).

I do not like having a permanent account and frequently switch my username. Having a permanent account gives an observer the opportunity to link information from multiple posts together to build a profile of the real user.

I think this is a feature that would be very welcome.

JAgBR95NLWeHeaNfDGig

Have many orders become subject to scrutiny by customs?
Any that you know of in the EU?
I'm assuming there is nothing illegal about these?

I'm not well known or probably that trustworthy, but anyways I got install_flash_player.exe (you wanted the Windows one right?) the site said it was v11 but didn't tell me if it was 11.9.900.117 or an older or newer minor version, I'm assuming its the latest.

3e8d832591aff54510f9904b6348e2e2351a28a4ef137f4f19535b747c00c89e

TY Dank TY, good job fellow perfect timing too, just as I needed it to rent out a VPS for some stuff.

Dank has repaid another loan in full with extra and on schedule. Trustworthy user.

I see, yes I knew that oh well, I didn't have the time to fully demonstrate it or create an email account that can send emails as I do not own one. Oh well, maybe next time.

Actually I think I've found something else, it's an isolated attack but possibly much more severe (don't worry I found this same problem on linkedin.com and a large number of other sites). I'll email you when I get a fully working demonstration together.

Do I get a bounty?

I'll test it out later and ensure it is patched correctly.

If you feel compelled to tip for any reason: http://1v.io/m8r-74xku9@mailinator.com

Note: I haven't actually scammed anyone, this account received a precautionary scammer tag.

I think you nailed it.

A while ago, I remember WhiskChat's inputs.io account used a disposable yopmail.com email that I was able to access...although it wasn't much use as if I remember correctly you cannot reset password by email using inputs.io. I also remember Whiskers used at least one other disposable email account for other purposes too. I'm assuming this is how his website and forum account were compromised.

On a related note during my "security audit" I noticed there was also an IP filter on inputs.io. I found out that it can be circumvented by tricking the account owner into visiting a site with some simple JS that takes advantage of an old DNS rebinding attack and allows me to essentially use their browser as a proxy to access inputs.io or any other website of my choosing.

An update.

Dank has followed through and repaid 0.109btc.

I think he has the rest but wants to try out some investment so I'm giving him all the time he needs to finish off the loan.

TY Dank.

Dear Mods,

I was scamtagged for scamming the ripple giveaway or something (I didn't do it):

https://bitcointalk.org/index.php?topic=178646.msg1867994#msg1867994

I don't care that I have a tag as I only want to post and not trade, but because I am tagged I cannot change the email address associated with my account.

I ask is it possible to have forum staff change my email address so that I don't have to sign up and go thru newbie jail again? I would have no problem making a small donation to the staff or the forum.

Thank you for reading this,
Warm Regards,
Not a scammer,
anonameous

Don't forget to tell Google to remove their ads from AdSense and remove them from the search index too. Oh wait! they won't...

No they don't. They let people sell accounts here because most of them communicate with buyers via unencrypted pm's which can be retrieved by forum staff in future to help with scam investigations. *wink*

If they began deleting the account selling threads, the sellers would go back to other forums where they used to sell bitcointalk accounts and make the problem worse. Deleting the threads won't make the problem go away it'll just make it worse.


Proof of it being "investigated"? and for what crimes exactly? Being cited as a source of evidence in a criminal case doesn't make this site a "scammer", by that logic Google is also a scammer.


WOW! you mean 2 CASES? Meanwhile Google and Facebook are mentioned in tens of thousands of criminal cases every year involving those crimes and almost every other crime you can think of, and some of those cases are actually against those websites too.

Damn, so Iceland's banks stole a few billion then, eh? I demand criminal charges to be brought against them for that.


The interest was frozen a long time ago.