dexX7
Legendary
 Offline
Activity: 1106
Merit: 1026
|
 |
July 06, 2013, 04:43:55 PM |
|
good morning, Who runs this exchange, and where is the registering agent contact information as required by law thanks..Ira
Good morning, too. First of all: thanks for keeping the blockchain alive! I'm a bit stunned though. For someone who owns more than 1000 Bitcoin and who is capable of running the university computer to mine Bitcoin, which is many times more powerful than anything available to the public, you should be able to research those information quite easily. By the way, did you find out where BTC is traded yet?   |
|
|
|
|
Rannasha
|
|
July 06, 2013, 04:50:45 PM |
|
good morning, What is a virtual stock this is a news to me. What brokers deal in these types of instruments thanks..Ira Here we go: Why would I want to invest in a virtual currency company?To expand your BTC virtual currency fortune of course! Or something more noble, like funding a project for a greater good. Is it legal for this exchange to operate?Most countries require real securities exchanges to register and abide by a very strict set of rules. Obviously we do not have the funding to afford such registration or the overhead of administering such rules. In addition, no single country would allow such an exchange to operate globally. As such we have taken the following approach to the operation of the site: - No assets on the site are to be considered real.
- The use of this site is for educational and entertainment purposes only.
- If an asset issuer on this site defaults, you have ZERO RECOURSE. (not like you have any recourse in most international BTC situations anyway.)
Is it legal for me to use the site?Most countries will have no problem with you using a securities simulation site, even one that uses digital virtual currencies. There are multiple examples of virtual goods exchanges in operation around the globe, most of which are better funded in the legal department than this one. It is largely on the backs of these giants that we believe we are in the clear. We also believe that everything digital has some value to someone, and trying to artifically limit what "virtual" or "digital" belongings people are allowed to trade or play games with is simply not going to be possible. Of course, please let us know if you believe your country may have an issue with it and we will post prominent warnings. We do ask that you keep the following in mind at all times: - No assets on the site are to be considered real.
- The use of this site is for educational and entertainment purposes only.
- If an asset issuer on this site defaults, you have ZERO RECOURSE. (not like you have any recourse in most international BTC situations anyway.)
Why should we trust this site after so many others have failed?We are different in several key ways: - We do not pretend that we are a real registered exchange.
- We do not pretend the assets on the site are real.
- We are a real company, registered in Belize.
- We are transparent. We do not lock you into using our site. Every asset issuer receives a daily email showing who is holding their assets. This allows them to move their virtual operation off the site to anywhere
- else they might choose.
https://btct.co/faqgood morning, Who runs this exchange, and where is the registering agent contact information as required by law thanks..Ira Burnside runs the exchange. And since it is advertised a virtual exchange, not a real one, it doesn't fall under those parts of the law. The company that operates the exchange is registered in Belize. I'm sure you can find contact info on the site somewhere ^^ |
|
|
|
|
burnside
Legendary
Offline
Activity: 1106
Merit: 1006
Lead Blockchain Developer
|
|
July 06, 2013, 05:59:03 PM |
|
Hi Burnside,
How is the options trading API coming along? Can you give a rough estimate of delivery schedule for this important (to me) feature? Love the realtime tab! Keep up the good work.
Soon I hope. I wrapped up a huge piece of my backend work this week. Hopefully we'll be seeing a lot less of the "asset lock timeouts" going forward. |
|
|
|
|
EskimoBob
Legendary
Offline
Activity: 910
Merit: 1000
Quality Printing Services by Federal Reserve Bank
|
|
July 07, 2013, 11:34:30 AM |
|
Because of all the security drama, I proposed a bit more secure PIN system for bitfunder Here is the copy from https://bitcointalk.org/index.php?topic=251051.msg2673044#msg2673044Can you generate PIN's that can be used only once? Question is, how to deliver the list of keys to your client so "they" (bad guys) do not have them  1) 11975
2) 14975
3) 07277
4) 06680
5) 14321
6) 28753
7) 90415
8) 91468
9) 99442
10) 95016
...
None of the numbers can be reused. When I log in and start a transfer or any other operation, where coin/shares move, system ask for a PIN #?. Lets sat I have used 1-3 so it asks for PIN 4 and then for #5 etc. If I screw up and enter PIN #4 incorrectly, PIN #5 will be asked and so on. If you add a delay, that starts to grow after every wrong entry, brute force becomes pointless. Even better, lock the account down after 5 wrong PIN entries and send out an e-mail. |
While reading what I wrote, use the most friendliest and relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
|
|
|
|
Deprived
|
|
July 07, 2013, 11:43:38 AM |
|
Because of all the security drama, I proposed a bit more secure PIN system for bitfunder Here is the copy from https://bitcointalk.org/index.php?topic=251051.msg2673044#msg2673044Can you generate PIN's that can be used only once? Question is, how to deliver the list of keys to your client so "they" (bad guys) do not have them 1) 11975
2) 14975
3) 07277
4) 06680
5) 14321
6) 28753
7) 90415
8) 91468
9) 99442
10) 95016
...
None of the numbers can be reused. When I log in and start a transfer or any other operation, where coin/shares move, system ask for a PIN #?. Lets sat I have used 1-3 so it asks for PIN 4 and then for #5 etc. If I screw up and enter PIN #4 incorrectly, PIN #5 will be asked and so on. If you add a delay, that starts to grow after every wrong entry, brute force becomes pointless. Even better, lock the account down after 5 wrong PIN entries and send out an e-mail. Google Authenticator or Yubikey both do what you propose already - without you having to generate and remember a long list of PINs. Every time I do a trade or transfer on BTC-TC I have to touch my Yubikey to get it to generate a new 'PIN' which is longer than your 5-digit ones and can't be calculated or generated by anyone without the actual Yubikey. There's no need to invent a square wheel when round ones already exist. |
|
|
|
|
elefter
Member
Offline
Activity: 67
Merit: 10
|
|
July 07, 2013, 11:47:13 AM |
|
is it my idea or the number of shares in the ask and bid is displayed wrong?
|
|
|
|
|
EskimoBob
Legendary
Offline
Activity: 910
Merit: 1000
Quality Printing Services by Federal Reserve Bank
|
|
July 07, 2013, 12:03:55 PM |
|
Because of all the security drama, I proposed a bit more secure PIN system for bitfunder Here is the copy from https://bitcointalk.org/index.php?topic=251051.msg2673044#msg2673044Can you generate PIN's that can be used only once? Question is, how to deliver the list of keys to your client so "they" (bad guys) do not have them 1) 11975
2) 14975
3) 07277
4) 06680
5) 14321
6) 28753
7) 90415
8) 91468
9) 99442
10) 95016
...
None of the numbers can be reused. When I log in and start a transfer or any other operation, where coin/shares move, system ask for a PIN #?. Lets sat I have used 1-3 so it asks for PIN 4 and then for #5 etc. If I screw up and enter PIN #4 incorrectly, PIN #5 will be asked and so on. If you add a delay, that starts to grow after every wrong entry, brute force becomes pointless. Even better, lock the account down after 5 wrong PIN entries and send out an e-mail. Google Authenticator or Yubikey both do what you propose already - without you having to generate and remember a long list of PINs. Every time I do a trade or transfer on BTC-TC I have to touch my Yubikey to get it to generate a new 'PIN' which is longer than your 5-digit ones and can't be calculated or generated by anyone without the actual Yubikey. There's no need to invent a square wheel when round ones already exist. Not sure why anyone has to remember those PIN's... but never mind that. Yes, I understand, that this is what your Yubikey is doing... if you have one. Google 2fa is basically the same but you need one of those shiny slab-phones to use it. What I proposed is a low cost, OS and phone independent solution. |
While reading what I wrote, use the most friendliest and relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
July 07, 2013, 12:04:52 PM |
|
Not sure why anyone has to remember those PIN's... but never mind that.
Yes, I understand, that this is what your Yubikey is doing... if you have one. Google 2fa is basically the same but you need one of those shiny slab-phones to use it.
What I proposed is a low cost, OS and phone independent solution.
No, you don't need a smartphone to use google 2fa. |
|
|
|
|
Ira H. Fuchs
Newbie
Offline
Activity: 14
Merit: 0
|
|
July 07, 2013, 01:17:21 PM |
|
good morning, What is a virtual stock this is a news to me. What brokers deal in these types of instruments thanks..Ira Here we go: Why would I want to invest in a virtual currency company?To expand your BTC virtual currency fortune of course! Or something more noble, like funding a project for a greater good. Is it legal for this exchange to operate?Most countries require real securities exchanges to register and abide by a very strict set of rules. Obviously we do not have the funding to afford such registration or the overhead of administering such rules. In addition, no single country would allow such an exchange to operate globally. As such we have taken the following approach to the operation of the site: - No assets on the site are to be considered real.
- The use of this site is for educational and entertainment purposes only.
- If an asset issuer on this site defaults, you have ZERO RECOURSE. (not like you have any recourse in most international BTC situations anyway.)
Is it legal for me to use the site?Most countries will have no problem with you using a securities simulation site, even one that uses digital virtual currencies. There are multiple examples of virtual goods exchanges in operation around the globe, most of which are better funded in the legal department than this one. It is largely on the backs of these giants that we believe we are in the clear. We also believe that everything digital has some value to someone, and trying to artifically limit what "virtual" or "digital" belongings people are allowed to trade or play games with is simply not going to be possible. Of course, please let us know if you believe your country may have an issue with it and we will post prominent warnings. We do ask that you keep the following in mind at all times: - No assets on the site are to be considered real.
- The use of this site is for educational and entertainment purposes only.
- If an asset issuer on this site defaults, you have ZERO RECOURSE. (not like you have any recourse in most international BTC situations anyway.)
Why should we trust this site after so many others have failed?We are different in several key ways: - We do not pretend that we are a real registered exchange.
- We do not pretend the assets on the site are real.
- We are a real company, registered in Belize.
- We are transparent. We do not lock you into using our site. Every asset issuer receives a daily email showing who is holding their assets. This allows them to move their virtual operation off the site to anywhere
- else they might choose.
https://btct.co/faqgood morning, Who runs this exchange, and where is the registering agent contact information as required by law thanks..Ira Burnside runs the exchange. And since it is advertised a virtual exchange, not a real one, it doesn't fall under those parts of the law. The company that operates the exchange is registered in Belize. I'm sure you can find contact info on the site somewhere ^^ good morning, There is no contact information on your website. I'm surprised no one has brought this up already...Ira |
|
|
|
|
EskimoBob
Legendary
Offline
Activity: 910
Merit: 1000
Quality Printing Services by Federal Reserve Bank
|
|
July 07, 2013, 02:36:41 PM |
|
Not sure why anyone has to remember those PIN's... but never mind that.
Yes, I understand, that this is what your Yubikey is doing... if you have one. Google 2fa is basically the same but you need one of those shiny slab-phones to use it.
What I proposed is a low cost, OS and phone independent solution.
No, you don't need a smartphone to use google 2fa. Thank you for not posting any useful links Looks like here is one: https://bitcointalk.org/index.php?topic=111943.msg2216245#msg2216245 |
While reading what I wrote, use the most friendliest and relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
|
|
|
|
Rannasha
|
|
July 07, 2013, 04:04:32 PM |
|
If you use a script like that for GAuth, make sure to use it on a separate machine from the one you use to log in, otherwise you may still lose your account if your machine is compromised.
|
|
|
|
|
EskimoBob
Legendary
Offline
Activity: 910
Merit: 1000
Quality Printing Services by Federal Reserve Bank
|
|
July 07, 2013, 05:33:35 PM |
|
If you use a script like that for GAuth, make sure to use it on a separate machine from the one you use to log in, otherwise you may still lose your account if your machine is compromised.
... and this is exactly why I do not like this at all. I still need to have 2 or more computers. |
While reading what I wrote, use the most friendliest and relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
|
|
|
|
Lohoris
|
|
July 07, 2013, 05:55:39 PM |
|
... and this is exactly why I do not like this at all. I still need to have 2 or more computers.
That's, like, the whole point of 2FA. |
|
|
|
|
btharper
|
|
July 07, 2013, 06:31:46 PM |
|
... and this is exactly why I do not like this at all. I still need to have 2 or more computers.
That's, like, the whole point of 2FA. I'd say using a separate program on the same machine offers some additional security over not using it at all. A simple keylogger won't compromise your account anymore, though anything that can just read the 2FA files can, but I'd hope those are less common so far. |
|
|
|
|
|
Rannasha
|
|
July 07, 2013, 07:00:57 PM |
|
... and this is exactly why I do not like this at all. I still need to have 2 or more computers.
That's, like, the whole point of 2FA. I'd say using a separate program on the same machine offers some additional security over not using it at all. A simple keylogger won't compromise your account anymore, though anything that can just read the 2FA files can, but I'd hope those are less common so far. Yeah, you do gain additional security, since many keyloggers just grab as many passwords on autopilot and that's it. However, if someone is specifically targeting you or uses a more advanced keylogger, they can access the 2FA program just as easily as your password. Running a 2FA program on your main machine is a bit like using a Mac for security: It's not inherently more secure, but since it's less targeted by attackers, your chance of getting hit is reduced. |
|
|
|
|
burnside
Legendary
Offline
Activity: 1106
Merit: 1006
Lead Blockchain Developer
|
|
July 08, 2013, 08:52:17 AM |
|
... and this is exactly why I do not like this at all. I still need to have 2 or more computers.
That's, like, the whole point of 2FA. I'd say using a separate program on the same machine offers some additional security over not using it at all. A simple keylogger won't compromise your account anymore, though anything that can just read the 2FA files can, but I'd hope those are less common so far. Yeah, you do gain additional security, since many keyloggers just grab as many passwords on autopilot and that's it. However, if someone is specifically targeting you or uses a more advanced keylogger, they can access the 2FA program just as easily as your password. Running a 2FA program on your main machine is a bit like using a Mac for security: It's not inherently more secure, but since it's less targeted by attackers, your chance of getting hit is reduced. Yubikeys and old phones are cheap and readily available. An old phone doesn't even need cellular service. Just wifi to get the app installed and once it's installed, it doesn't even need that except to occasionally sync the time. I think we're in a good place security-wise. Where we could improve: - One-time use form tokens. These also prevent double button press form submission issues. (90% done, it's in testing now.) - 2FA input in a few places that don't already have it. (most places that don't are not particularly sensitive.) - Require 2FA to use the site. Essentially no trading would be allowed until 2FA was turned on. (still thinking this one over.) Cheers. |
|
|
|
|
|
davos
|
|
July 08, 2013, 02:42:31 PM |
|
- Require 2FA to use the site. Essentially no trading would be allowed until 2FA was turned on. (still thinking this one over.)
If you're going to do mandatory 2FA (which I agree with), you might consider offering an SMS token as google does with gmail logins. It's probably not as secure as some other options, but any additional security that requires more than just a concurrent session is probably beneficial. It's not entirely reasonable (just yet) to assume that everyone who may be using BTCT or LTCGlobal has a smartphone - but a mobile phone and/or yubikey requirement makes sense. |
|
|
|
|
btharper
|
|
July 08, 2013, 02:43:13 PM |
|
... and this is exactly why I do not like this at all. I still need to have 2 or more computers.
That's, like, the whole point of 2FA. I'd say using a separate program on the same machine offers some additional security over not using it at all. A simple keylogger won't compromise your account anymore, though anything that can just read the 2FA files can, but I'd hope those are less common so far. Yeah, you do gain additional security, since many keyloggers just grab as many passwords on autopilot and that's it. However, if someone is specifically targeting you or uses a more advanced keylogger, they can access the 2FA program just as easily as your password. Running a 2FA program on your main machine is a bit like using a Mac for security: It's not inherently more secure, but since it's less targeted by attackers, your chance of getting hit is reduced. Yubikeys and old phones are cheap and readily available. An old phone doesn't even need cellular service. Just wifi to get the app installed and once it's installed, it doesn't even need that except to occasionally sync the time. I think we're in a good place security-wise. Where we could improve: - One-time use form tokens. These also prevent double button press form submission issues. (90% done, it's in testing now.) - 2FA input in a few places that don't already have it. (most places that don't are not particularly sensitive.) - Require 2FA to use the site. Essentially no trading would be allowed until 2FA was turned on. (still thinking this one over.) Cheers. Short of sending out free yubikeys for qualifying members a la MtGox I think it would be difficult to force existing 2FA, especially for new users. Incentives like existing lower trade fees should be effective and might be easy enough to tweak as required to push more adoption. |
|
|
|
|
|
freeAgent
|
|
July 08, 2013, 05:30:16 PM |
|
If you're going to do mandatory 2FA (which I agree with)
WTF. Why would you agree with such a thing? Some of us don't run computers infested with spywares. Most/all banks and brokerage sites I know of do not require 2FA for their users. It is always optional. |
|
|
|
|
burnside
Legendary
Offline
Activity: 1106
Merit: 1006
Lead Blockchain Developer
|
|
July 08, 2013, 05:43:50 PM |
|
If you're going to do mandatory 2FA (which I agree with)
WTF. Why would you agree with such a thing? Some of us don't run computers infested with spywares. Most/all banks and brokerage sites I know of do not require 2FA for their users. It is always optional. Most that I know of don't even provide it. I guess they're worried about confusing the masses. But they also have the ability to recover funds and/or undo most of the damage done after a hack. With bitcoin the damage once done, is done. |
|
|
|
|
|
