Author Topic: MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info  (Read 28707 times)
wtfvanity
December 19, 2012, 09:52:13 PM
 #121

What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.
. . .This was a shock to many people that you save this kind of information when previously it was said that no tracking information was kept.
Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:

https://blockchain.info/wallet/anonymity

Quote
. . . When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key). . .
. . . We log the internet IP address a wallet was created with and the ip the wallet was last updated with . . .

The only shock was that another business managed to access this information, and that has been addressed appropriately.


Hashing it would not prevent looking it up if programmed that way. But would prevent it from being plaintext in the database. You can't hash the email or the sms because you use those to send notices.

DannyHamilton
December 19, 2012, 09:55:22 PM
 #122

. . .

Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:

https://blockchain.info/wallet/anonymity

. . .

The only shock was that another business managed to access this information, and that has been addressed appropriately.
Hashing it would not prevent looking it up if programmed that way. But would prevent it from being plaintext in the database. You can't hash the email or the sms because you use those to send notices.
I don't believe I requested hashing of anything.
Bitcoinin
December 19, 2012, 09:58:52 PM
 #123

The negative image others try to pin on Bitcoin is not that it's only being about scams. The negative image is that Bitcoin is full of scams, and that we either don't ever do anything about it, or run to the police contrary to our free-market beliefs. Regardless of whether asking police for help is hypocritical or not, it is simply not effective on a global scale Bitcoin operates on. So the only solutions we have are 1) whine about it and keep getting scammed, 2) go to the police who ignore us, and keep getting scammed, or 3) live up to the "horrible free-market" ideals we get ridiculed for, and actually take care of the scamming ourselves.

We tried 1 and 2

What was achieved today?

No one was successful in guilting the scammer into returning the money - they still have it.  The scammer had their personal information posted publicly on the internet, so now they have a personal vendetta against Bitcoinstore and Bitcoin in general - they'll probably be back to troll Roger and post all over the place about how Bitcoin businesses post your private information which will scare newbies.  The scammer wasn't even really a scammer - just a coward who decided to not do the right thing, but is now an active agent against Bitcoin.

Bitcoinstore is still out $60.  They'll probably have fewer transactions than they would have from legit customers due to the FUD of what exactly their privacy policy is and whether or not they can be trusted.  They also unfortunately look less professional and petty for breaking their own privacy policy over a $60 mistake.

Blockchain.info and other businesses got roped into the same FUD.

Have we prevented any future scamming from happening from this guy?  Probably not - the original scammer wasn't ever really a scammer, so the chances of them having tried something in the future were unlikely to begin with.  Their personal info is now public (assuming everything was actually theirs) if they did try to scam in the future, but all they need to do is sign up for a free email address and start using their friend's name & street address in the future.

Have we scared other scammers from trying stuff in the future?  Probably not - if anything the publicity just emphasizes some of the issues that Bitcoin businesses are wrestling with and is more likely to attract more scammers trying to exploit these issues.

Does the public see the Bitcoin community "cracking down" on scammers and getting the problem under control?  Nothing was achieved, so I would doubt it.
shad0wbitz
December 19, 2012, 10:00:44 PM
 #124

WOW .... Roger Ver single-handedly tarnished his reputation and the reputation of BlockChain.info for some 4.x BTC ... INCREDIBLE!

I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?

Would you trust your personal information to BitInstant after we have seen what Roger is capable of doing with it? I would not.

GOX SUX COX!
The true faces of the Bitcoinica / Intersango SCAM! - Bitcoin was born in the shad0ws, for the shad0ws.
SgtSpike
December 19, 2012, 10:03:02 PM
 #125

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

I'm not sure I see it the same way.

Roger at best made an error in judgment, something I or anybody else could do on account of being human.  The activities he engages in to promote Bitcoin paint a much clearer picture of where his interests lie.

For example, everybody knows that the biggest weakness of a "Casascius Coin" is the fact that "Casascius" could know the private key.  The answer isn't "push Casascius out", rather, the answer may very well be in the form of bringing affordable two-factor physical bitcoins so the trust footprint can be reduced.  That's what will benefit Bitcoin in the long run.

The best thing for Blockchain.info would be to recognize where its soft spots are, and actively work to harden them.  Personal information stored on Blockchain a problem?  What's better, push Roger out due to public outcry, or release something that makes it more the default to not store personal information on their servers?  The second is by far a better long term solution, something Roger would almost certainly agree with, as I can't imagine his involvement and investment is just so he can chase down 4 BTC accidentally sent to his customer.


It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence trolling and hate on the part of the owner of Memory Dealers, Roger Ver trolls and haters which did nothing for the community. This https://bitcointalk.org/index.php?topic=131574.0 behavior; publicly displaying the details of a private individual scammer and labeling them a criminal would at best seem morally dubious and at worst defamatory a mistake driven by anger.


FTFY

I'm afraid I have no idea what this: "trolls and haters which did nothing for the community" means in the context of my statement. I get the distinct impression that neither do you.

I'm afraid you understand perfectly, so do I. Blockchain is a superb service, second to none. Roger has an extensive, historic, work towards the success of bitcoin. Who are the trolls posting here (including you), and what did they give to the community ?
I completely agree with the both of you.

Roger did indeed abuse his access to blockchain.info's admin side, but it's the sort of not-so-obvious mistake that many of us could make.  He had access to the data he needed, why not use it?  At least, that's the mindset he was in at the time.  And he never released any of the private information to the public until the scammer himself did.

He has been a key player in the move to get more people using Bitcoin.  He can learn from his mistake and continue on, a better businessman because of it.  Let's not throw the baby out with the bathwater.
SgtSpike
December 19, 2012, 10:03:20 PM
 #126

WOW .... Roger Ver single-handedly tarnished his reputation and the reputation of BlockChain.info for some 4.x BTC ... INCREDIBLE!

I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?

Would you trust your personal information to BitInstant after we have seen what Roger is capable of doing with it? I would not.
And you're an absolutely perfect angel?
shad0wbitz
December 19, 2012, 10:06:55 PM
 #127

WOW .... Roger Ver single-handedly tarnished his reputation and the reputation of BlockChain.info for some 4.x BTC ... INCREDIBLE!

I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?

Would you trust your personal information to BitInstant after we have seen what Roger is capable of doing with it? I would not.
And you're an absolutely perfect angel?

No I'm just an angel ... Cheesy and ... WHAT???

GOX SUX COX!
The true faces of the Bitcoinica / Intersango SCAM! - Bitcoin was born in the shad0ws, for the shad0ws.
DannyHamilton
December 19, 2012, 10:07:02 PM
 #128

. . . What was achieved today? . . .
At least, blockchain.info has improved their security by removing access from an individual who would otherwise abuse that access when they are frustrated with a customer of their other businesses.

At best, other businesses are hopefully looking into who has access to the information in their databases and making sure that they limit that access appropriately to prevent getting caught up in similar conflict of interest situations in the future.

This is no small thing.  Had there not been this "uproar", Roger would still have inappropriate access to that data and could leverage that access against other customers in the future, and other businesses wouldn't have had this "wake up call" to give them an opportunity to review who has access to their data.
koin
December 19, 2012, 10:13:35 PM
 #129

Roger at best made an error in judgment, something I or anybody else could do on account of being human.

like this?

Quote
I shipped two orders of Casascius Coins to this address in January and February 2012.
https://bitcointalk.org/index.php?topic=108932.msg1186881#msg1186881

though to be fair you did it publicly and explained yourself:

Quote
I value privacy.  My sharing of this was with much reluctance.
https://bitcointalk.org/index.php?topic=108932.msg1186888#msg1186888
davout
December 19, 2012, 10:19:54 PM
 #130

I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?
Just wait for someone to tell Apple blockchain.info is a Bitcoin wallet that can send coins and not simply a "transaction viewer", it'll get pulled in the next ten minutes.

Rassah
December 19, 2012, 10:24:27 PM
 #131

What was achieved today?

Quite a few things:

1) Blockchain.info identified a possible software security issue and patched it
2) Blockchain.info identified a situation that may cause a conflict of interest, and resolved it.
3) The community as a whole was made aware of the issues that may arise from conflicts of interest, poorly worded TOS, and public sharing of information.
4) People and business owners got to discuss and brainstorm how to deal with these situations, and have made their own conclusions along with differing alterations to their TOS. Specifically regarding how to deal with private information, whether to share info on suspected scammers amongst other businesses, etc.
5) We got rid of at least one dishonest person. Whether he is a scammer or not (I don't think he was), what he did wasn't right, and Roger got 100% conclusive evidence of that (blockchain.info's anonymizing addresses are NOT one-time use like the guy claimed).
5a) We maybe have sent out a warning to others that you're not as safe as you think you are, and your specific country's laws may not protect you, so it's best to start maintaining a clean reputation record now.
wtfvanity
December 19, 2012, 10:26:25 PM
 #132

. . .

Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:

https://blockchain.info/wallet/anonymity

. . .

The only shock was that another business managed to access this information, and that has been addressed appropriately.
Hashing it would not prevent looking it up if programmed that way. But would prevent it from being plaintext in the database. You can't hash the email or the sms because you use those to send notices.
I don't believe I requested hashing of anything.

Shut the fuck up. I didn't say you did. I'm asking for IP's to be hashed as well, and they can still be looked up problematically.

thebaron
December 19, 2012, 10:28:53 PM
 #133

So much bullshit over a guy doing private detective work to get his company's money back.
CharlieContent (OP)
December 19, 2012, 10:30:11 PM
 #134


I'm not sure I see it the same way.

Roger at best made an error in judgment, something I or anybody else could do on account of being human.  The activities he engages in to promote Bitcoin paint a much clearer picture of where his interests lie.

For example, everybody knows that the biggest weakness of a "Casascius Coin" is the fact that "Casascius" could know the private key.  The answer isn't "push Casascius out",

Well, of course you couldn't be pushed out, but if you started acting in a devious, unprofessional and untrustworthy way, then no one should buy your coins.

There's an element of trust in every commercial transaction, not just with Bitcoin. Obviously some involve more trust than others, but no matter what, I never do business with untrustworthy people, no matter how secure the system.
Rob E
December 19, 2012, 10:33:06 PM
 #135

It is sad to see BlockChain.info - a superb service - dragged, without merit, into such a display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalk.org/index.php?topic=131574.0 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.


We?  Who the fuck is We? You? lol.
DannyHamilton
December 19, 2012, 10:33:27 PM
 #136

So much bullshit over a guy doing private detective work to get his company's money back.
And violating the terms of a privacy statement in the process.
DannyHamilton
December 19, 2012, 10:37:23 PM
 #137

. . . Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website . . .
Hashing it would not prevent looking it up . . .
I don't believe I requested hashing of anything.
Shut the fuck up . .  .

Huh

You quoted me saying nothing about hashing, and responded to my quote by stating that hashing wouldn't prevent looking up information.

Where is this hostility coming from?
Rassah
December 19, 2012, 10:57:03 PM
 #138

So much bullshit over a guy doing private detective work to get his company's money back.
And violating the terms of a privacy statement in the process.

Luckily, one of those things has now been fixed.
ripper234
December 19, 2012, 11:06:02 PM
 #139

What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

piuk, +10 for swiftly dealing with this.

A technical question:

So what if an address is a SHA 256? How does that remove any lookup ability? To lookup by address, just hash it and look up the hash. It removes the ability to lookup, per given wallet ID, what addresses it owns - not the other way around.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
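
The point raised in this thread about hashed addresses, as an added example (not code from any poster or from Blockchain.info): a plain SHA-256 of an address still supports address-to-wallet lookup for anyone who can read the table, while the reverse direction only yields digests. The wallet IDs, addresses, key and the keyed HMAC variant are constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample rows (wallet ID, address); all values are made-up placeholders.
SAMPLE_ROWS = [
    ("wallet-0001", "1ConstructedAddrAAAAAAAAAAAAAAAAAA"),
    ("wallet-0002", "1ConstructedAddrBBBBBBBBBBBBBBBBBB"),
    ("wallet-0002", "1ConstructedAddrCCCCCCCCCCCCCCCCCC"),
]
KNOWN_ADDRESS = SAMPLE_ROWS[1][1]      # an address the person searching already knows
SERVICE_KEY = b"constructed-demo-key"  # hypothetical secret held only by the notifier


def sha256_digest(address):
    """Unkeyed digest: anyone can recompute it from the address alone."""
    return hashlib.sha256(address.encode("ascii")).hexdigest()


def keyed_digest(address, key=SERVICE_KEY):
    """Keyed digest (HMAC-SHA256): recomputing it requires the key."""
    return hmac.new(key, address.encode("ascii"), hashlib.sha256).hexdigest()


def build_table(rows, digest):
    """Notification table as stored: digest(address) -> wallet ID, no plaintext."""
    return {digest(address): wallet_id for wallet_id, address in rows}


def wallet_for(table, digest, address):
    """Address -> wallet: hash the address and look the hash up."""
    return table.get(digest(address))


def stored_values_for(table, wallet_id):
    """Wallet -> addresses: the table can only return digests."""
    return sorted(d for d, w in table.items() if w == wallet_id)


def demo():
    plain = build_table(SAMPLE_ROWS, sha256_digest)
    keyed = build_table(SAMPLE_ROWS, keyed_digest)
    return {
        # Table reader with a known address and plain SHA-256: lookup still works.
        "plain_lookup": wallet_for(plain, sha256_digest, KNOWN_ADDRESS),
        # Reverse direction yields opaque digests, not addresses.
        "plain_reverse": stored_values_for(plain, "wallet-0002"),
        # Notifier holding the key can still match addresses to wallets.
        "keyed_with_key": wallet_for(keyed, keyed_digest, KNOWN_ADDRESS),
        # Table reader without the key cannot compute the stored value.
        "keyed_without_key": wallet_for(keyed, sha256_digest, KNOWN_ADDRESS),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The keyed variant only changes the outcome if the key is unavailable to whoever can read the table.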
Bitcoinin
December 19, 2012, 11:11:30 PM
 #140

What was achieved today?

Quite a few things:

My question was in relation to posting of customer information - most of your points weren't achieved specifically due to customer information being posted or could have been achieved in a variety of other, less damaging ways.  The remaining achievements don't seem - to me at least - to be worth the probable damage done.  ...and this is without even discussing the possible impact on innocent people when posting information that you don't know for sure is the scammer, legal implications of releasing info, etc.

Scamming isn't new - it is just different with Bitcoin.  There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere, so why should a Bitcoin business trying to project a positive, professional image of Bitcoin resort to public shaming as the solution to their scamming?