Bitcoin Forum
November 02, 2024, 09:29:23 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
Author Topic: MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info  (Read 28758 times)
ThomasV
Legendary
*
Offline Offline

Activity: 1896
Merit: 1353



View Profile WWW
December 19, 2012, 03:14:41 PM
 #21

It should also be noted that ThomasV runs a competitor to Blockchain.info

That is correct, but Electrum is not a commercial operation.
It is a free software project, that involves multiple developers, not just me.



Electrum: the convenience of a web wallet, without the risks
Jouke
Sr. Member
****
Offline Offline

Activity: 426
Merit: 250



View Profile WWW
December 19, 2012, 03:16:50 PM
 #22

Secret passphrases not being secret .. Sad

Koop en verkoop snel en veilig bitcoins via iDeal op Bitonic.nl
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1155



View Profile WWW
December 19, 2012, 03:20:52 PM
 #23

All you have to do is read what Roger Ver himself wrote in that thread. He said himself that he has access to a lot of information about account holders and their accounts, and we can see for ourselves in the email chain he posted that he was prepared to leverage this information to resolve a customer service dispute in a completely unrelated business.

You have this wrong.
The only information I threatened to leverage was the information from Bitcoinstore,  the business directly involved in the incident.
I never made any of the information from Blockchain public.

CharlieContent (OP)
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
December 19, 2012, 03:25:14 PM
 #24

All you have to do is read what Roger Ver himself wrote in that thread. He said himself that he has access to a lot of information about account holders and their accounts, and we can see for ourselves in the email chain he posted that he was prepared to leverage this information to resolve a customer service dispute in a completely unrelated business.

You have this wrong.
The only information I threatened to leverage was the information from Bitcoinstore,  the business directly involved in the incident.
I never made any of the information from Blockchain public.


You leveraged it in private.

Also

If I knew his passphrase,  I could have logged into his account,  and taken my money back.

meowmeowbrowncow
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
December 19, 2012, 03:28:53 PM
 #25



While taking advantage of privileged information is bad this is getting overblown.

Let's stop the masterbatorial frothing.

"Bitcoin has been an amazing ride, but the most fascinating part to me is the seemingly universal tendency of libertarians to immediately become authoritarians the very moment they are given any measure of power to silence the dissent of others."  - The Bible
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1155



View Profile WWW
December 19, 2012, 03:34:38 PM
 #26


You leveraged it in private.


He told me he didn't own the bitcoin address in question.
I told him in private that he did,  and gave him the proof that I knew he did.
I don't see this as inappropriate.

mccorvic
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
December 19, 2012, 03:36:29 PM
 #27

masterbatorial frothing

My idea of a good time btw.

Offering Video/Audio Editing Services since 2011 - https://bitcointalk.org/index.php?topic=77932.0
Rob E
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
December 19, 2012, 03:39:56 PM
 #28

What ^ are you worried Bout guy? why are you crying.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
December 19, 2012, 03:57:29 PM
Last edit: December 19, 2012, 09:32:49 PM by DannyHamilton
 #29


You leveraged it in private.


He told me he didn't own the bitcoin address in question.
I told him in private that he did,  and gave him the proof that I knew he did.
I don't see this as inappropriate.
It is inappropriate for someone who has admin access at blockchain.info to use that information for the benefit of some other business.  As a matter of fact it is explicitly against the blockchain.info privacy policy:

Quote
We will . . . distribute . . . your personal information to third parties unless we have your permission or are required by law to do so.
This is why blockchain.info has removed your access.  They do not allow it to be used in this way, and you violated their trust.

In this instance bitcoinstore.com is a third party, and you have distributed the personal information of one of their users to that third party without the user's permission and without being required by law to do so.

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.
teste
Sr. Member
****
Offline Offline

Activity: 312
Merit: 250


View Profile
December 19, 2012, 03:59:31 PM
 #30


You leveraged it in private.


He told me he didn't own the bitcoin address in question.
I told him in private that he did,  and gave him the proof that I knew he did.
I don't see this as inappropriate.
It is inappropriate for someone who has admin access at blockchain.info to use that information for the benefit of some other business.  As a matter of fact it is explicitly against the blockchain.info privacy policy:

Quote
We will . . . distribute . . . your personal information to third parties unless we have your permission or are required by law to do so.

In this instance bitcoinstore.com is a third party, and blockchain.info has distributed the personal information of one of their users to that third party without the user's permission and without being required by law to do so.



+1
teste
Sr. Member
****
Offline Offline

Activity: 312
Merit: 250


View Profile
December 19, 2012, 04:03:42 PM
 #31

Hope this episode serve as a lesson to improve the services of blockchain.info and bitcoinstore.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
December 19, 2012, 04:07:50 PM
Last edit: December 19, 2012, 09:32:34 PM by DannyHamilton
 #32

I can not recommend bitcoinstore.com to anybody.  I understand that they are frustrated with the loss of the bitcoins that they accidentally sent, and I realize that the "right thing to do" for the person who received those bitcoins was to return them.  However, that does not make your abuse of special access to blockchain.info allowed you as an employee any less inappropriate.  As far as I'm concerned the abuse of this access was at least as inappropriate as the failure of the person receiving the extra bitcoin to return them.

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.
Deafboy
Hero Member
*****
Offline Offline

Activity: 482
Merit: 502



View Profile WWW
December 19, 2012, 04:08:21 PM
 #33

Quote
Hope this episode will serve as a lesson to improve the services...
In fact, the same mistakes will be done over and over again. And history will repeat.
Am I too pessimistic?  Smiley
teste
Sr. Member
****
Offline Offline

Activity: 312
Merit: 250


View Profile
December 19, 2012, 04:10:28 PM
 #34

As far as I knew blockchain.info and bitcoinstore.com were 2 completely separate and unrelated businesses.  As far as I'm concerned, it is absolutely not appropriate for someone from one business to be using "admin access" at another business to gain special privileges.

I cannot in good faith (and will not) recommend blockchain.info to anybody ever again unless they do one of the following:


Publicly and openly state in an obvious and easy to find way on their main website which other businesses have special admin access to look up information on people's accounts.

or

Immediately sever all relationships with other businesses, removing admin access from anyone who would use that access to benefit their other business.

or

Provide all users with the exact same admin access, so that they too can track down scammers as necessary.



Furthermore, I can not and will not ever recommend bitcoinstore.com to anybody.  I understand that they are frustrated with the loss of the bitcoins that they accidentally sent, and I realize that the "right thing to do" for the person who received those bitcoins was to return them.  However, that does not make bitcoinstore.com use of special access to blockchain.info any less appropriate.  As far as I'm concerned their use of this access was at least as inappropriate as the failure of the person receiving the extra bitcoin to return them.

Again +1
misterbigg
Legendary
*
Offline Offline

Activity: 1064
Merit: 1001



View Profile
December 19, 2012, 04:11:49 PM
Last edit: December 19, 2012, 04:45:41 PM by misterbigg
 #35

Are you FUCKING KIDDING ME? I wake up and read this?

In my mind this is almost as bad as the pirate shit and all the fraud going on with those exchanges. Blockchain is sold as having the utmost security and trust, with its local wallet operations, audited code base, and anonymity features.

That someone, an investor no less, would go in and take actions that are completely at odds with how the Blockchain service is marketed is very disappointing to hear. This is another black eye on the face of Bitcoin. And God knows, we certainly don't need any more of those.

Plus, isn't this MemoryDealers guy the kid who left the country because the IRS tried screw him or something? And now he does this?

To add insult to injury, this guy's responses in the thread show that he is totally irresponsible and cannot be trusted. To think that Blockchain users' personal information is available at the whim of this turncoat makes me shudder.
Herodes
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
December 19, 2012, 04:22:31 PM
 #36

So, blockchain.info gives out admin access to co-owners ? What would they need this access for ? Wouldn't RV be considered a 'share-holder'. Is it the norm to give 'share-holders' the key to were the business operates?
HostFat
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 1209


I support freedom of choice


View Profile WWW
December 19, 2012, 04:25:33 PM
 #37

The main problem here is that now it's also hard to trust Piuk ...

NON DO ASSISTENZA PRIVATA - https://t.me/hostfatmind/
DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
December 19, 2012, 04:27:41 PM
Last edit: December 19, 2012, 09:32:20 PM by DannyHamilton
 #38

The main problem here is that now it's also hard to trust Piuk ...
Yes, when a partial owner of a business acts in a manner that damages the reputation of the business, it affects the reputation of all the stakeholders in the business.  This is why it is important to be careful about who you get involved in business with.
gusti
Legendary
*
Offline Offline

Activity: 1099
Merit: 1000


View Profile
December 19, 2012, 04:28:19 PM
 #39

Plus, isn't this MemoryDealers guy the kid who left the country because the IRS tried to stick a dildo up his ass or something?

Maybe this talks good about Roger. Who, besides making mistakes from time to time, has an extensive history for supporting and developing Bitcoin worldwide. Trolls in this thread all summed up, have done less than 0.001% that Roger made in the benefit of the community.

And blockchain.info service and features are awesome. I support both Roger and blockchain.


If you don't own the private keys, you don't own the coins.
piuk
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1005



View Profile WWW
December 19, 2012, 04:34:06 PM
Last edit: December 19, 2012, 07:13:13 PM by piuk
 #40

What happened
I do not know the sepcifics but there was some disagreement between Roger and a customer of bitcoinstore.com. The customer claimed not to own a particular bitcoin address that a incorrect amount had been refunded to. Roger used his access to the blockchain.info admin panel to lookup the information on a wallet which held that bitcoin address. This email address associated with the wallet and the email address of the customer matched.

Why is even possible?
Wallet are stored fully encrypted, so they appear as random text to us. However when notifications are enabled the client extracts the public keys from a wallet and asks blockchain.info to subscribe to those addresses. The ability too lookup a wallet using this information was added so that when newbies come to us and say "I just created a bitcoin wallet, but forgot to record the wallet identifier how can get I get my money back?" we can ask for their bitcoin address or ip and and are normally able to recover the identifier.

Screenshot of Admin Panel:



Why does Roger have access to the blockchain admin panel
He owns a minority stake in the company and helps with support. His funding has been tremendously helpful in allowing me to work on the Site full time, buy new servers, security hardware and fund free features.

Who else has access to this information?
Me, Roger and a customer support agent.

What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.

A wallet can be looked up by SMS number or email if that information has been added in [Account Settings].

Can blockchain.info access funds the funds in my blockchain wallet?
No, the information available gives only enough information to prove the user may own a wallet with that address. He could not have accesses the wallet, even if he had wanted to. No other individuals have access to the blockchain.info servers or code apart from me.

Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!