Bitcoin Forum
Author Topic: [BTC-TC] Virtual Community Exchange [CLOSED]  (Read 316303 times)
carnitastaco | Sr. Member | Activity: 420 | Merit: 250
June 19, 2013, 06:01:59 AM  #941

Burnside, have you considered maker/taker pricing?
burnside | Legendary | Activity: 1106 | Merit: 1004 | Lead Blockchain Developer
June 19, 2013, 06:20:16 AM  #942

Burnside, have you considered maker/taker pricing?

Yeah.  I wouldn't mind doing something that shifted some of the fee to the maker, and reduced it on the taker.  Would be curious to hear from the masses what they think?
Deprived | Hero Member | Activity: 532 | Merit: 500
June 19, 2013, 06:25:22 AM  #943

Burnside, have you considered maker/taker pricing?

Yeah.  I wouldn't mind doing something that shifted some of the fee to the maker, and reduced it on the taker.  Would be curious to hear from the masses what they think?

Hope you mean other way round.

Maker should get the lower or zero fee (for adding liquidity), taker the larger (or whole) fee for removing liquidity.  It's great for removing spreads - with people buying bidding 1 satoshi below ask rather than buying so as to avoid a fee.

The other way round (which you said) works to discourage people placing orders - leaving empty order books.
burnside | Legendary | Activity: 1106 | Merit: 1004 | Lead Blockchain Developer
June 19, 2013, 06:28:00 AM  #944

Burnside, have you considered maker/taker pricing?

Yeah.  I wouldn't mind doing something that shifted some of the fee to the maker, and reduced it on the taker.  Would be curious to hear from the masses what they think?

Hope you mean other way round.

Maker should get the lower or zero fee (for adding liquidity), taker the larger (or whole) fee for removing liquidity.  It's great for removing spreads - with people buying bidding 1 satoshi below ask rather than buying so as to avoid a fee.

The other way round (which you said) works to discourage people placing orders - leaving empty order books.

Getting late here.  Yes, the reverse of what I said.  We want to encourage orders on the books.  Smiley
Lohoris | Hero Member | Activity: 630 | Merit: 500 | Bitgoblin
June 19, 2013, 07:04:17 AM  #945

~~ PSA PSA PSA ~~

btct.co accounts are definitely on the radar for hackers.  I just finished replying to a very unhappy user with a compromised account.  (Logs showed logins from China, South Korea, and Japan, all in a 24 hour window.)  It's only the second such case I've heard of over the last 6 months, but that makes two accounts too many.

TURN ON 2FA.
 
mmmh... I have always kept it enabled for trades and withdrawals, and disabled for login, assuming in this case an eventual attacker may do nothing more than just looking at my portfolio... or did I miss something?

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
EskimoBob | Legendary | Activity: 910 | Merit: 1000 | Quality Printing Services by Federal Reserve Bank
June 19, 2013, 07:12:51 AM  #946

~~ PSA PSA PSA ~~

btct.co accounts are definitely on the radar for hackers.  I just finished replying to a very unhappy user with a compromised account.  (Logs showed logins from China, South Korea, and Japan, all in a 24 hour window.)  It's only the second such case I've heard of over the last 6 months, but that makes two accounts too many.

TURN ON 2FA.
 

The 2FA you offer is only usable if you have a phone that supports it.

Today it is really easy to figure out the geographical location of an IP address and a client's "typical" location.
If I start suddenly logging in from China, trust me, something is wrong and BTC-TC should ask me for a PIN or something before letting me in.
Even better, lock down my account and send me an e-mail.



While reading what I wrote, use the friendliest and most relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
🏰 TradeFortress 🏰 | Bitcoin Veteran, VIP, Legendary | Activity: 1316 | Merit: 1043 | 👻
June 19, 2013, 07:18:53 AM  #947

~~ PSA PSA PSA ~~

btct.co accounts are definitely on the radar for hackers.  I just finished replying to a very unhappy user with a compromised account.  (Logs showed logins from China, South Korea, and Japan, all in a 24 hour window.)  It's only the second such case I've heard of over the last 6 months, but that makes two accounts too many.

TURN ON 2FA.
 

The 2FA you offer is only usable if you have a phone that supports it.

Today it is really easy to figure out the geographical location of an IP address and a client's "typical" location.
If I start suddenly logging in from China, trust me, something is wrong and BTC-TC should ask me for a PIN or something before letting me in.
Even better, lock down my account and send me an e-mail.
A service I'm working on (not really relating to btc-tc) works this way. It also takes into account your browser and operating system, system language, etc. with a heuristically based ranking system. For example, signing in from an iPhone when you generally use a Mac is a lot less suspicious than if you started using Internet Explorer when you've always signed in from Linux.

And if you're from Australia but your system language is Chinese, this helps you - logging in from a non Chinese computer in Australia will still flag as suspicious.
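The kind of baseline comparison described in the two posts above (EskimoBob's "lock the account and e-mail me" and TradeFortress's OS/browser/language heuristics), written out as an added example. This is not code from btct.co or from the service TradeFortress mentions; every field name, weight, threshold and the sample login history are assumptions made for the illustration.

```python
"""Added example, not code from btct.co or from the service TradeFortress
describes: a heuristic login-risk scorer that compares a login attempt with
the account's previously seen countries, operating systems, browsers and
system languages, and answers allow / email confirmation / lock and notify.
Every weight, threshold, field name and the sample history are assumptions."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginContext:
    country: str    # from IP geolocation, e.g. "AU"
    os: str         # "macOS", "iOS", "Windows", "Linux", ...
    browser: str    # "Safari", "Firefox", "IE", ...
    language: str   # system / Accept-Language, e.g. "zh"


# Platform pairs that commonly belong to one person (a Mac owner with an iPhone),
# so switching between them is only mildly unusual.
RELATED_OS = {frozenset({"macOS", "iOS"}), frozenset({"Windows", "Android"})}

# Points added when the attempt shows a value never seen on this account.
WEIGHTS = {"country": 70, "os": 20, "browser": 15, "language": 25}
LOCK_THRESHOLD = 70      # lock the account and e-mail the owner
CONFIRM_THRESHOLD = 30   # let the login proceed only after an e-mailed confirmation


def _seen(history: list[LoginContext], attr: str, value: str) -> bool:
    return any(getattr(h, attr) == value for h in history)


def risk_score(history: list[LoginContext], attempt: LoginContext) -> int:
    """Score an attempt against the account's baseline; 0 means nothing new."""
    if not history:
        return 0  # first ever login: no baseline yet, this attempt becomes it
    score = 0
    if not _seen(history, "country", attempt.country):
        score += WEIGHTS["country"]
    if not _seen(history, "os", attempt.os):
        related = any(frozenset({h.os, attempt.os}) in RELATED_OS for h in history)
        score += WEIGHTS["os"] // 4 if related else WEIGHTS["os"]
    if not _seen(history, "browser", attempt.browser):
        score += WEIGHTS["browser"]
    if not _seen(history, "language", attempt.language):
        # a Chinese-language machine for a Chinese-language user is normal;
        # an English-language machine on the same account is the odd one
        score += WEIGHTS["language"]
    return score


def decide(history: list[LoginContext], attempt: LoginContext) -> str:
    """Map the score to an action: lock + e-mail, e-mail confirmation, or allow."""
    score = risk_score(history, attempt)
    if score >= LOCK_THRESHOLD:
        return "lock_and_email"
    if score >= CONFIRM_THRESHOLD:
        return "email_confirm"
    return "allow"


if __name__ == "__main__":
    # constructed baseline: an Australian user on a Mac with a Chinese system language
    baseline = [LoginContext("AU", "macOS", "Safari", "zh")] * 3
    for attempt in (LoginContext("AU", "iOS", "Safari", "zh"),
                    LoginContext("AU", "Windows", "IE", "en"),
                    LoginContext("CN", "macOS", "Safari", "zh")):
        print(attempt, "->", risk_score(baseline, attempt), decide(baseline, attempt))
```

With the constructed baseline, the iPhone login scores 5 (allow), the English-language Windows/IE login from the home country scores 60 (confirm by e-mail, the "still flags as suspicious" case), and the login from a new country scores 70 (lock and notify). The weights are the whole policy here; a real deployment would tune them against its own false-positive rate, which is the customer-service overhead the thread worries about.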
Lohoris | Hero Member | Activity: 630 | Merit: 500 | Bitgoblin
June 19, 2013, 07:22:58 AM  #948

If I start suddenly logging in from China, trust me, something is wrong and BTC-TC should ask me for a PIN or something before letting me in.
Even better, lock down my account and send me an e-mail.
This.
Pins are bad, emails are good.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
burnside | Legendary | Activity: 1106 | Merit: 1004 | Lead Blockchain Developer
June 19, 2013, 07:23:27 AM  #949

~~ PSA PSA PSA ~~

btct.co accounts are definitely on the radar for hackers.  I just finished replying to a very unhappy user with a compromised account.  (Logs showed logins from China, South Korea, and Japan, all in a 24 hour window.)  It's only the second such case I've heard of over the last 6 months, but that makes two accounts too many.

TURN ON 2FA.
 
mmmh... I have always kept it enabled for trades and withdrawals, and disabled for login, assuming in this case an eventual attacker may do nothing more than just looking at my portfolio... or did I miss something?


I was wondering this myself the other day, and have not done an audit to see what all could be done if login is off, but transaction is on.  Some things that come to mind:

- The account page still uses PIN codes for many account settings, including the password, PIN, and email account changing interface.
  - Thus logically, an attacker could bruteforce your PIN and change your email address on file.
    - And from there file a support request to have the 2FA removed.  Which I would happily oblige because the email account on file would match up at that point.

- The "Add Yubikey" interface is auth'd via PIN.
  - Thus an attacker could bruteforce the PIN and add their own Yubikey.

- The "Delete Yubikey" button is not auth'd at all.
  - Thus an attacker could remove your Yubikey access.

- The "Delete order" buttons are not auth'd at all.
  - Thus an attacker could remove your orders.

- The options interface has not yet had all options actions set up with the auth interface.  Of note:
  - Exercising options can be done without auth.
  - Re-listing held options can be done without auth.

For some of those the fixes are obvious.  I'll work on getting 2FA auth going for the options interface and for account changes.  But bottom line is that obviously it's a good idea to have 2FA on both login and transactions.  Wink

Please let me know too if the above list is incomplete.  As many brains as possible are better than one when it comes to security.  Smiley
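The audit above reads as a per-action authorization table with gaps in it, so here it is written out as one, as an added example that is not btct.co's code: the policy burnside describes sits beside a hardened one in which every credential, recovery or value-moving action requires 2FA, and a PIN guard locks the PIN after a few consecutive failures, which closes the "bruteforce the PIN" step he lists. Action names, the auth levels, the failure limit and the hashing parameters are all assumptions.

```python
"""Added example, not btct.co's code: a table mapping each sensitive account
action to the authentication level it requires, with the policy burnside's
audit describes beside a hardened one, plus a PIN guard that locks the PIN
after a few consecutive failures so the "bruteforce the PIN" step in the
audit is no longer available.  Action names, levels and limits are assumptions."""
import hashlib
import hmac
import os
from enum import IntEnum


class Auth(IntEnum):
    NONE = 0         # works with a logged-in session only
    PIN = 1          # session + account PIN
    TWO_FACTOR = 2   # session + TOTP / Yubikey


# The state the audit describes: PIN guards account changes, several buttons have no auth.
AUDITED_POLICY = {
    "change_email": Auth.PIN,
    "change_password": Auth.PIN,
    "change_pin": Auth.PIN,
    "add_yubikey": Auth.PIN,
    "delete_yubikey": Auth.NONE,
    "delete_order": Auth.NONE,
    "exercise_option": Auth.NONE,
    "relist_option": Auth.NONE,
    "withdraw": Auth.TWO_FACTOR,
}

# Hardened: anything that changes credentials or recovery, or moves value, needs 2FA.
HARDENED_POLICY = {action: Auth.TWO_FACTOR for action in AUDITED_POLICY}
HARDENED_POLICY["delete_order"] = Auth.PIN   # cancelling your own order is lower impact


def authorized(policy: dict, action: str, presented: Auth) -> bool:
    """True if the auth level the session has presented satisfies the action's requirement."""
    return presented >= policy[action]


def unauthenticated_actions(policy: dict) -> list:
    """Actions reachable with a bare session: the list an audit should drive to empty."""
    return sorted(a for a, level in policy.items() if level == Auth.NONE)


class PinGuard:
    """Stores a salted PIN hash and refuses further attempts after MAX_FAILURES misses."""
    MAX_FAILURES = 5

    def __init__(self, pin: str):
        self.salt = os.urandom(16)
        self.digest = self._hash(pin)
        self.failures = 0
        self.locked = False

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def verify(self, pin: str) -> str:
        """Returns "ok", "bad" or "locked"; a locked PIN needs out-of-band recovery."""
        if self.locked:
            return "locked"
        if hmac.compare_digest(self._hash(pin), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.locked = True
        return "bad"


if __name__ == "__main__":
    print("no-auth actions (audited):", unauthenticated_actions(AUDITED_POLICY))
    print("no-auth actions (hardened):", unauthenticated_actions(HARDENED_POLICY))
    guard = PinGuard("4821")   # constructed PIN for the demo
    for attempt in ["0000"] * 5 + ["4821"]:
        print(attempt, "->", guard.verify(attempt))
```

The point of `unauthenticated_actions` is that the gap list in the post becomes a one-line check that can run in CI against the policy table, so a new button cannot quietly ship at `Auth.NONE`. A locked PIN still has to be recovered somehow; in the thread that path is a support request matched against the e-mail on file, which is exactly why the e-mail change itself is moved to 2FA.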

burnside | Legendary | Activity: 1106 | Merit: 1004 | Lead Blockchain Developer
June 19, 2013, 07:35:09 AM  #950

The 2FA you offer is only usable if you have a phone that supports it.

Today it is really easy to figure out the geographical location of an IP address and a client's "typical" location.
If I start suddenly logging in from China, trust me, something is wrong and BTC-TC should ask me for a PIN or something before letting me in.
Even better, lock down my account and send me an e-mail.

Or a Yubikey, which is cheap, and way better.

But there are desktop versions of google authenticator too.  You could conceivably use it on your laptop, when logging in via your desktop for instance, and still have the 2-Factor intact.

I have already (as of about a week ago) started collecting country data on a per-user basis.  I don't know if anyone noticed, but in the account settings you can already set your country of residence.  The default is set based on your initial login. (as of when I turned it on)

After this evening's incident, I went a step further and added display of the country to the withdrawal queue management interface we use internally.  This is not a silver bullet though.  Not all withdrawals will be manual.

I suppose the next step could be a country lockout... "Only allow logins on this account from these [multi-select interface] countries.".


A service I'm working on (not really relating to btc-tc) works this way. It also takes into account your browser and operating system, system language, etc. with a heuristically based ranking system. For example, signing in from an iPhone when you generally use a Mac is a lot less suspicious than if you started using Internet Explorer when you've always signed in from Linux.

And if you're from Australia but your system language is Chinese, this helps you - logging in from a non Chinese computer in Australia will still flag as suspicious.

I like this approach.  I just don't have a lot of bandwidth to deal with the inevitable customer service overhead this would come with.  Outside of a vulnerability in the site, which the heuristics wouldn't help with, the 2FA is going to seal things up pretty tight anyway.
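Why a desktop Google Authenticator works just as well as the phone app, as burnside says above: both sides derive the code from the same shared secret and the current 30-second step (RFC 6238 TOTP, which is what Google Authenticator implements). The verifier below is an added example, not btct.co's code; it uses the RFC 6238 test secret rather than any real account's, and adds two defender-side details the thread's keylogger discussion makes relevant: a one-step clock-skew window and a "last accepted step" so a code that has been observed once is useless afterwards.

```python
"""Added example, not btct.co's code: a server-side TOTP check per RFC 6238,
the scheme Google Authenticator implements, showing why a desktop TOTP app
works as well as a phone (both derive the code from the same shared secret
and the clock) and adding two defensive details: a one-step clock-skew window
and a "last accepted step" so a code that was observed once cannot be replayed.
The secret below is the RFC 6238 test secret, not a real account's."""
from __future__ import annotations
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30
DIGITS = 6
RFC_TEST_SECRET = b"12345678901234567890"   # RFC 6238 appendix B test vector secret


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float | None = None) -> str:
    """Code for the 30-second step containing `at` (default: now); what the app displays."""
    at = time.time() if at is None else at
    return hotp(secret, int(at) // STEP_SECONDS)


class TotpVerifier:
    """Per-account verifier: tolerates neighbouring steps for clock skew, never reuses a step."""

    def __init__(self, secret: bytes, skew_steps: int = 1):
        self.secret = secret
        self.skew_steps = skew_steps
        self.last_step = -1   # highest step already used to authenticate

    def verify(self, code: str, at: float | None = None) -> bool:
        at = time.time() if at is None else at
        now = int(at) // STEP_SECONDS
        for step in range(now - self.skew_steps, now + self.skew_steps + 1):
            if step <= self.last_step:
                continue  # already consumed: a sniffed code is useless after first use
            if hmac.compare_digest(hotp(self.secret, step), code.strip()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    # At t=59 the RFC 6238 SHA-1 vector is 94287082, i.e. "287082" as a 6-digit code.
    print("code at t=59:", totp(RFC_TEST_SECRET, 59))
    v = TotpVerifier(RFC_TEST_SECRET)
    print("first use:", v.verify("287082", at=59), "replay:", v.verify("287082", at=59))
```

The replay check is what turns a keylogged or sniffed TOTP code into a dead end: the attacker would have to submit it before the legitimate login does and within the same step window. It is also why the shared secret, not the code, is the thing to protect; a secret exported to a desktop app is as valid as the one on the phone, so the desktop copy deserves the same care.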

Lohoris | Hero Member | Activity: 630 | Merit: 500 | Bitgoblin
June 19, 2013, 07:38:09 AM  #951

- The account page still uses PIN codes for many account settings, including the password, PIN, and email account changing interface.

Oh, while we are at it... the problem here is that the PIN is totally useless: if they sniffed your password, they most likely sniffed your PIN too, so it doesn't actually offer any protection...

I think it would be much better to remove it completely, since it may offer a false sense of protection to some users, and an annoyance with no benefit for the others...

I'd stick with real 2FAs, maybe adding an email 2FA in case you find the time to code it.
(let me know if you need any help)

Or did I miss something?

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
burnside | Legendary | Activity: 1106 | Merit: 1004 | Lead Blockchain Developer
June 19, 2013, 07:50:43 AM  #952

- The account page still uses PIN codes for many account settings, including the password, PIN, and email account changing interface.

Oh, while we are at it... the problem here is that the PIN is totally useless: if they sniffed your password, they most likely sniffed your PIN too, so it doesn't actually offer any protection...

I think it would be much better to remove it completely, since it may offer a false sense of protection to some users, and an annoyance with no benefit for the others...

I'd stick with real 2FAs, maybe adding an email 2FA in case you find the time to code it.
(let me know if you need any help)

Or did I miss something?


There are several benefits:
  - The password can be reset via email, but not the PIN.
    - So while there is no benefit against keyloggers, there is benefit against an email account compromise.
    - Also with situations where you've used the same email/password on another site and that site is compromised.
  - It's also a placeholder in all the interfaces until you get 2FA going.

It's kind of like those extra couple digits on the back of your credit card.  Worthless against a keylogger, but handy against several other scenarios.

I've tried to implement a decent carrot for turning on 2FA... one of the first things most users do is read up on the chart of fees.  On there it's pretty clear that if you turn on 2FA, you pay lower trade fees.  Hopefully today's PSA encourages a few more 2FA converts.  Wink

lunarboy | Hero Member | Activity: 544 | Merit: 500
June 19, 2013, 02:34:44 PM  #953

Would like to see a 2FA email option similar to Blockchain.info. 

google 2FA bugs me !
burnside | Legendary | Activity: 1106 | Merit: 1004 | Lead Blockchain Developer
June 19, 2013, 02:42:18 PM  #954

Would like to see a 2FA email option similar to Blockchain.info. 

google 2FA bugs me !

TBH, I never really understood how an email account was a 2nd factor against something like a keylogger?  99% of us probably use their email account on the same PC as their browser?

lunarboy | Hero Member | Activity: 544 | Merit: 500
June 19, 2013, 02:48:15 PM  #955

Would like to see a 2FA email option similar to Blockchain.info. 

google 2FA bugs me !

TBH, I never really understood how an email account was a 2nd factor against something like a keylogger?  99% of us probably use their email account on the same PC as their browser?



I guess. Keyloggers don't really bother me  Wink
I was just looking for a 2FA alternative, to prevent unauthorised withdrawals, other than the 'link to address' method you offer.
Rannasha | Hero Member | Activity: 728 | Merit: 500
June 19, 2013, 02:59:26 PM  #956

Would like to see a 2FA email option similar to Blockchain.info. 

google 2FA bugs me !

TBH, I never really understood how an email account was a 2nd factor against something like a keylogger?  99% of us probably use their email account on the same PC as their browser?



I guess. Keyloggers don't really bother me  Wink
I was just looking for a 2FA alternative, to prevent unauthorised withdrawals, other than the 'link to address' method you offer.

Keyloggers are probably the main source of account theft of pretty much any account that has value stored in it. So if you want to prevent unauthorized withdrawals, a 2FA option that is keylogger-proof is needed.
carnitastaco | Sr. Member | Activity: 420 | Merit: 250
June 19, 2013, 03:12:20 PM  #957

Burnside, have you considered maker/taker pricing?

Yeah.  I wouldn't mind doing something that shifted some of the fee to the maker, and reduced it on the taker.  Would be curious to hear from the masses what they think?

Hope you mean other way round.

Maker should get the lower or zero fee (for adding liquidity), taker the larger (or whole) fee for removing liquidity.  It's great for removing spreads - with people buying bidding 1 satoshi below ask rather than buying so as to avoid a fee.

The other way round (which you said) works to discourage people placing orders - leaving empty order books.

Getting late here.  Yes, the reverse of what I said.  We want to encourage orders on the books.  Smiley


Yeah imo it's basically THE answer to this whole liquidity/spreads conversation, except that maker should get a rebate, not just zero fee.  You could change .2% fee on trades to something like .3% fee on taker, .1% rebate on maker (or .4/.2)
ThickAsThieves | Hero Member | Activity: 518 | Merit: 500
June 19, 2013, 03:15:25 PM  #958

Burnside, have you considered maker/taker pricing?

Yeah.  I wouldn't mind doing something that shifted some of the fee to the maker, and reduced it on the taker.  Would be curious to hear from the masses what they think?

Hope you mean other way round.

Maker should get the lower or zero fee (for adding liquidity), taker the larger (or whole) fee for removing liquidity.  It's great for removing spreads - with people buying bidding 1 satoshi below ask rather than buying so as to avoid a fee.

The other way round (which you said) works to discourage people placing orders - leaving empty order books.

Getting late here.  Yes, the reverse of what I said.  We want to encourage orders on the books.  Smiley


Yeah imo it's basically THE answer to this whole liquidity/spreads conversation, except that maker should get a rebate, not just zero fee.  You could change .2% fee on trades to something like .3% fee on taker, .1% rebate on maker (or .4/.2)

Have fun explaining this to customers though.
lunarboy | Hero Member | Activity: 544 | Merit: 500
June 19, 2013, 03:47:21 PM  #959


Keyloggers are probably the main source of account theft of pretty much any account that has value stored in it. So if you want to prevent unauthorized withdrawals, a 2FA option that is keylogger-proof is needed.

Didn't mean to belittle the current 2FA as it is the safest method. I'm really just noting that there is a market (need?) for more than one option of 2FA for those of us that don't carry smartphones.
Rannasha | Hero Member | Activity: 728 | Merit: 500
June 19, 2013, 03:54:47 PM  #960


Keyloggers are probably the main source of account theft of pretty much any account that has value stored in it. So if you want to prevent unauthorized withdrawals, a 2FA option that is keylogger-proof is needed.

Didn't mean to belittle the current 2FA as it is the safest method. I'm really just noting that there is a market (need?) for more than one option of 2FA for those of us that don't carry smartphones.

There is for BTCT.co: YubiKey (https://www.yubico.com/products/yubikey-hardware/yubikey/). It's effectively the same thing as the smartphone-app, but then in the form of a separate device that you can carry on your keychain or whatever.