Bitcoin Forum
February 16, 2019, 12:23:18 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 [31] 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 ... 377 »
601  Other / Meta / Re: Spam from @AlexPromotion on: January 15, 2018, 09:41:02 PM
But all this is still assuming that JS is enabled right?

The well-known timing attack which allows you to completely deanonymize the user if you control the guard and the server (or server's ISP) does not require JS. For example, if the NSA wanted to know everyone who visits regularly, they'd observe's ISP and set up Tor non-exit relays such that you have a 5-10% chance of choosing one of the NSA's relays as a guard every time you start Tor. Over time they'd build a complete list of all IPs for Tor users who visit It's almost trivial. I'd be surprised if the NSA is not doing this already, possibly for large sections of the entire Internet (especially centralized things like Cloudflare).

VPN/HTTP proxy: a little lock on a diary
Tor: A Master lock. (Note: look up lockpicking videos for Master locks.)

There is currently no anonymity technology which is secure in the way that Bitcoin is secure (against different attacks). Anonymity research is weak, and implementation is even worse. For example, there's something from academia called Riffle which fixes some of Tor's many problems, but nobody's bothered implementing it in a usable form even years after it was published.
602  Other / Meta / Re: Copper Membership Paid | Refreshed and nothing on: January 15, 2018, 08:46:56 PM
I see two transactions from you, both for 0.00018580 BTC. 0.00018580*2 = 0.0003716 BTC, which is less than the 0.00208333 BTC copper membership.
603  Other / Meta / Re: Spam from @AlexPromotion on: January 15, 2018, 08:24:05 PM
I've never heard of this either. Tor and VPNs are meant to protect you against this sort of stuff and I doubt even the CIA can find this info if you're smart enough (though I believe VPNs can accidentally leak your IP in some ways). What you might be thinking of is browser fingerprinting though which can be very useful to catch alts and just using a proxy won't help you (and I think this should be on the new forum). You might use a different IP for your accounts but you almost certainly won't be using a unique PC or browser for each of your alts and accounts could be collated and searched by them and cross referenced with other data etc. 

A year or two ago I was researching fingerprinting techniques that'd work against pretty much anyone with JavaScript enabled, and I found several promising leads on that front. But then it occurred to me that I don't really want to be known as the #1 forum on the leading edge of de-anonymization technology, so I stopped pursuing it seriously...

IMO The most interesting idea I had was that you could probably fingerprint based on latency even via Tor using long-term data collection. A Tor connection looks like:

User --- ISP --- Guard --- Mid --- Exit --- Server
      A       B         C       D        E

The latencies of connections A, B, and A+B are good fingerprint values; ISPs should have statistically-significant differences in latency to the server if the latency can be determined with enough accuracy. Latency will also uniquely vary over time; ie. latency will go up slightly when your ISP is busy, the schedule of which will be distinguishing. Additionally, Tor selects a handful of guards when it starts and then uses only those, so if you can figure out the complete list of guards, this fingerprints a long-term Tor session across sites and logins.

Connection E can be directly measured, as can A+B+C+D+E if JS is enabled. That alone may be enough for fingerprinting A+B if you collect data over a long period of time. You'd roughly model the random latency distribution of C+D across the entire Tor network (which is not that large and is predictable in several non-obvious ways); then since you have a whole bunch of A+B+C+D+E and E measurements, you can get a good idea of A+B.

You might be able to do even better by taking into account these facts: Tor changes to a new random Mid and Exit every 10 minutes, but it only affects new TCP connections. So you can usually control the timing exactly by opening TCP connections via JS. And it chooses a random Guard only from a small set, with that set being chosen only at the start of the long-term Tor session. So you might be able to get the guard identities (or a fingerprint of the guard identities) and info about the latencies by collecting latency data every 10 minutes via JS and looking at the clusters formed by the handful of different guards.

On a MITM attack, you can do even better. If you control both Mid and the server, then you know C, D, E, and the Guard identity. A+B is then trivial to calculate. There are only about 6000 Tor nodes, so if you only run one Tor non-exit node, you have something like a 1/6000 chance every 10 minutes to fingerprint the user this way. (That's a really rough estimate; the odds are better because you can exploit Tor behaviors like its IP-space diversity requirements, but worse because selection is not random, and is also based on things like seniority and bandwidth.) Additionally, if a user happens to choose your node as a guard when he starts his Tor session (so a smallish chance ~per day rather than per 10 minutes), then you can completely deanonymize him (ie. get his IP address) when he visits the site; this is a well-known attack which the NSA & friends are probably doing all the time on a very large scale.
604  Other / Meta / Re: Newbie PM opt-in on: January 12, 2018, 06:00:25 PM
You're probably right and it will cut down on a lot of other unsolicited PM spam as well but I think the restriction/option to turn it on/off should be clearly stated so people are even aware of it. New users who run businesses here will likely want or need to receive PMs from them and they might be completely unaware of this restriction otherwise.

If a newbie is stopped from sending a PM due to this, they get get:
User _____ has not chosen to allow messages from newbies. You should post in their relevant thread to remind them to enable this setting.

And if you try to PM a newbie while you're ignoring newbies, you get:
User _____ is a newbie, but your options are set such that you cannot receive PMs from newbies. Therefore, you cannot send PMs to newbies, either.

So I think that it should be rare for people to be unaware of it. If a newbie posts a trading thread, then they'll have people posting to remind them.
605  Other / Meta / Re: Are you embarrassed to post in the ivory tower? on: January 11, 2018, 10:24:12 PM
The name is supposed to be fun. I don't actually mean that people who post in the section are "living in an ivory tower".

I hope it will take us back to the old cafe society era where intelligent and erudite discussions could take place in a pleasant environment.

How about I rename it to Le café d'or, then?

Someone should create a poll.
606  Other / Meta / Re: Newbie PM opt-in on: January 11, 2018, 08:27:38 PM've just created a problem for me with this. I just went to send a message to someone about tokens that they wanted to buy and I can't send it. The trouble is that he has given me 0.1 ETH as a deposit so that I would keep a certain amount of them back for him and so that I could move some of it into the wallet where the tokens are so he could see that I really have the AGI tokens.

I just made it so that everyone who has sent a PM to a newbie in the last 30 days is already "opted in". Does that fix your issue?

Wouldn't it be better to allow all messages at first but give a warning with PMs from newbies such as something like "Find this message annoying? Go into personal settings to block messages from brand new/newbie accounts" etc?

I didn't do that because I think that only a certain subset of users (maybe a minority) want to ever receive PMs from newbies, so it seemed to make more sense for such people to opt in.
607  Other / Meta / Newbie PM opt-in on: January 11, 2018, 07:39:04 PM
In response to the annoying PM spam, you now have to opt into receiving PMs from newbies. The option is in your PM preferences. You also can't send PMs to newbies if you haven't opted in. Copper members are exempt, but only if you're wearing the copper membership.

You should opt into receiving newbie PMs if you post offers in the marketplace, if you like answering newbie questions, if you're a moderator, etc.

To start with, if you sent a PM to a newbie in the last 30 days, you're already "opted in".
608  Other / Ivory Tower / Re: The practical aspects of running a Bitcoin node over public WiFi. on: January 10, 2018, 06:35:44 PM
Some things that come to mind:

 - There's been some academic success in getting the encryption keys from a computer via sound analysis. Computers can make different sounds depending on the data they're operating upon.
 - AFAIK both public wifi (ie. wifi where the attacker has the wifi password) and mobile-data protocols are completely broken security-wise. Wifi via arp spoofing and such, and mobile-data due to various attacks against inherently insecure protocols. So you should probably assume that the attacker controls your Internet connection completely.
 - If an attacker controls your Internet connection completely, then they can do things like preventing legit blocks from reaching you, preventing you from seeing conflicting transactions, giving you only their blocks, etc. If you get a few confirmations, you'll know that someone put a lot of effort into mining them, but you won't be able to confirm that they're the longest chain, since the attacker may be blocking the longest chain.
 - I wouldn't rely 100% on HTTPS, but it's not exactly trivial to defeat. Properly-configured ssh or OpenVPN are even better.

I think I'd do something like keeping all Bitcoin keys off of the laptop, and instead use ssh to connect to my real Bitcoin node. And then if you're really paranoid, change your laptop's ssh key right afterward.

And/or you could use an OpenVPN VPN, either purchased (in which case you're trusting the VPN service not to MITM you) or by setting up your own OpenVPN server somewhere. Then evil wifi can only block you, not interfere or monitor. But you have to make sure that it's configured correctly, since most VPN setups will by default switch to your native connection whenever it can't connect to the VPN. There are iptables rules that will prevent this.
609  Other / Serious discussion / Re: Question on this Decentralized Biometric concept. on: January 10, 2018, 06:07:51 PM
Probably that's not possible. Biometrics is like symmetric (ie. "password-based") encryption. It's like you translate your biometric features into a key which is then shared with someone. There's no way AFAICT to translate biometrics into an asymmetric setting, which is what you want.

I think that nowadays biometrics has mostly been discredited for serious authentication. It just tends to be too easy to fool: eg. you can get someone's fingerprint off of a glass (or off of the readings of a compromised biometrics device) and then make a copy in a 3D printer or something. I think that nowadays biometrics is used mostly in niche settings where people can't be trusted to create a secure password, but yet you can't force them to learn how to create secure passwords. In those cases, using biometrics (maybe plus some other stuff) is at least a bit better than having people use "love123" as their password.
610  Other / Serious discussion / Rules for Serious Discussion and Ivory Tower on: January 10, 2018, 05:15:10 PM
These two sections are for serious discussion.

 - When you post, you must have a clear point. If you ramble on about nothing, then your post will be deleted.
 - You must stay fairly close to the topic being discussed in each thread.
 - While some amount of error is difficult to avoid, if your English is so broken that you sound stupid, then your post will be deleted.
 - No advertising of any kind.
 - Signatures are not displayed.
 - You must be at least a Jr Member to post in Serious Discussion, and a Full Member to post in Ivory Tower.
 - Posts in Serious Discussion only activate a potential-activity period. They do not increase your post count.
 - Posts in Ivory Tower neither activate a potential-activity period nor increase your post count.

Repeated violations of the rules will result in you being banned from the forum as a whole.

Humor is OK as long as it has a point. Any topic of conversation is allowed here, including altcoin talk, except:

 - If you want a response from forum administration, meta talk goes in Meta.
 - Altcoin talk that is advertisement/pump is not allowed, since no advertisement is allowed here.
 - Stuff globally disallowed/restricted (eg. Investigations content) is not allowed.
611  Other / Meta / Re: Two new no-signature boards on: January 10, 2018, 05:12:05 PM
I see that newbies were already posting junk in Serious Discussion, so I made changes:
 - The member limitations are moved up one rank. You must be a Jr Member to post in Serious Discussion and a Full Member to post in Ivory Tower
 - Posts in Serious Discussion only activate a potential-activity period. They do not increase your post count.
 - Posts in Ivory Tower neither activate a potential-activity period nor increase your post count.

If the name "Ivory Tower" wasn't intended as a satirical jab at the current situation of the forum as well as the new boards' position within the aforementioned context, you might've misnamed it.

The name is supposed to be whimsical and slightly self-deprecating, not to imply that the idea of such a section is stupid/wrong.
612  Other / Meta / Re: Two new no-signature boards on: January 09, 2018, 07:18:41 PM
Altcoin talk is OK there as long as it doesn't look like an advertisement. Any topic is OK unless explicitly banned (eg. Investigations content).
613  Other / Meta / Re: Why is there no local board for Japanese? on: January 09, 2018, 07:16:33 PM
614  Other / Meta / Two new no-signature boards on: January 09, 2018, 07:08:39 PM
I created two boards:

 - Serious discussion. No limit on topic, but moderation of on-topicness and general sanity will be extra harsh. No advertising of any kind. Signatures are not displayed.
 - Ivory Tower. As above, but you must be at least a Member in order to post there.
Currently these boards are not treated specially in the activity calculation. I'm currently feeling that:
 - Removing them totally from the activity calculation is kind of unfair to posters there.
 - Allowing them just to activate a potential-activity period isn't much different from treating them normally for activity.
 - Treating them normally for activity won't be so bad, maybe.

But we'll see how it goes. These boards are largely experimental.


I see that newbies were already posting junk in Serious Discussion, so I made changes:
 - The member limitations are moved up one rank. You must be a Jr Member to post in Serious Discussion and a Full Member to post in Ivory Tower
 - Posts in Serious Discussion only activate an potential-activity period. They do not increase your post count.
 - Posts in Ivory Tower neither activate a potential-activity period nor increase your post count.
615  Economy / Auctions / Advertise on this forum - Round 233 on: January 09, 2018, 06:41:08 PM
The forum sells ad space in the area beneath the first post of every topic page. This income is used primarily to cover hosting costs and to pay moderators for their work (there are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees). Any leftover amount is typically either saved for future expenses or otherwise reinvested into the forum or the ecosystem.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. No ICOs, banks, or funds; I may very rarely make exceptions if you convince me that you are ultra legit, but don't count on it. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.


- Your ads are guaranteed to be up for at least 7 days.
- I usually try to keep ads up for no more than 8 or 9 days.
- Sometimes ads might be up for longer, but hopefully no longer than 12 days. Even if past rounds sometimes lasted for long periods of time, you should not rely on this for your ads.


Exact historical impression counts per slot:

Info about the current ad slots:

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
Also read the comments in that file.

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

The maximum size of any one ad is 51200 bytes.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

If you have never purchased forum ad space before, and it is not blatantly obvious what you're going to advertise, say what you're going to advertise in your first bid, or tell me in a PM.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.02.
- The bidding starts at 0.02.
- I will end the auction at an arbitrary time. Unless I say otherwise, I typically try to end auctions within a few days of 10 days from the time of this post, but unexpected circumstances may sometimes force me to end the auction anytime between 4 and 22 days from the start. I have a small bias toward ending auctions on Fridays, Sundays, and Mondays.
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.
616  Economy / Auctions / Re: Advertise on this forum - Round 232 on: January 09, 2018, 06:37:30 PM
Theymos, would this be a valid entry for an ad banner?
Id hate to bid and not have a valid entry, thanks!

As BTCforJoe said, you can't make the entire banner an image. Basically, if images are used for positioning or general text styling -- which CSS should be able to do --, then it's not allowed. But usually I allow little logos and such which can't be properly replicated in CSS.

Can you consider, as an exception, our request for an ICO project?

Sorry, no.

Auction ended, final result:
Slots BTC/Slot Person
4 0.14 ChipMixer
2 0.12 Blocklancer
3 0.10 Aengus
617  Other / Meta / Re: Getting Mail from Bitcointalk for PM that doesn't exist on: January 09, 2018, 12:06:20 AM
For large spam campaigns, I retroactively wipe the spam PMs once they are discovered.
618  Other / Meta / Re: Getting Mail from Bitcointalk for PM that doesn't exist on: January 08, 2018, 05:38:56 PM
That means that it was a spam PM that got wiped before you read it.
619  Bitcoin / Alternative clients / Re: Time to move from Electrum on: January 08, 2018, 05:33:07 PM
Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.
620  Economy / Auctions / Re: Advertise on this forum - Round 232 on: January 08, 2018, 04:52:47 PM
- When someone violates the divisibility rule, I always round down to the nearest valid price.
- Please do not do the one-bid-per-slot thing. All of the slots are fungible, so you bid "number_of_slots @ price_per_slot".

ANN Thread:
1 @ 0.03
2 @ 0.03
3 @ 0.03

Sorry, no ICOs.

I would appreciate a clearification on which bids are actually valid. Seems like most are ICOs?
I would like to advertise our freelancing platform:


I would accept your bid, but it's currently too low.

1@0.12  (if bitcoin forks are allowed)

I would allow Bitcoin forks in general, but I find it somewhat deceptive to name a fork or other altcoin "Bitcoin ____", since they are not Bitcoin. So I will not accept your bid in this case.

Auction status:
Slots BTC/Slot Person
4 0.14 ChipMixer
5 0.06

The auction continues.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 [31] 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 ... 377 » is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!