MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info

[DannyHamilton]

A technical questions:

So what if an address is a SHA 256? How does that remove any lookup ability? To lookup by address, just hash it and look up the hash. It removes the ability to lookup, per given wallet ID, what addresses it owns - not the other way around.

You'll find that Piuk has already answered this question.  The address is hashed with a secret key.  Without the secret key, you can't generate the right hash to look up:

. . . Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address . . .

[marnie]

I'm kinda new here, but why on earth does blockchain.info give other individuals access to the admin cp?
Who else has access to this?
That is rather disturbing.
Can I get admin access?

[DannyHamilton]

I'm kinda new here, but why on earth does blockchain.info give other individuals access to the admin cp?
Who else has access to this?
That is rather disturbing.
Can I get admin access?

This has already been answered and addressed:

Why is even possible?
Wallet are stored fully encrypted, so they appear as random text to us. However when notifications are enabled the client extracts the public keys from a wallet and asks blockchain.info to subscribe to those addresses. The ability too lookup a wallet using this information was added so that when newbies come to us and say "I just created a bitcoin wallet, but forgot to record the wallet identifier how can get I get my money back?" we can ask for their bitcoin address or ip and and are normally able to recover the identifier.

Why does Roger have access to the blockchain admin panel
He owns a minority stake in the company and helps with support. His funding has been tremendously helpful in allowing me to work on the Site full time, buy new servers, security hardware and fund free features.

Who else has access to this information?
Me, Roger and a customer support agent.

What has been changed

• Roger and the support agent's access to this information has been revoked.
• Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
• The secret phrase is now no longer shown to any admins

Can blockchain.info access funds the funds in my blockchain wallet?
No, the information available gives only enough information to prove the user may own a wallet with that address. He could not have accesses the wallet, even if he had wanted to. No other individuals have access to the blockchain.info servers or code apart from me.

[marnie]

Looks like the damage was already done.

[Rob E]

I'm kinda new here, but why on earth does blockchain.info give other individuals access to the admin cp?
Who else has access to this?
That is rather disturbing.
Can I get admin access?

In fact i don't think it would be a bad idea if anyone could draw attention to a revolutionary new currency it would be through honesesty and openness..

[DannyM]

Waiting on an answer to this https://bitcointalk.org/index.php?topic=128841.msg1409754#msg1409754

[ripper234]

A technical questions:

So what if an address is a SHA 256? How does that remove any lookup ability? To lookup by address, just hash it and look up the hash. It removes the ability to lookup, per given wallet ID, what addresses it owns - not the other way around.

You'll find that Piuk has already answered this question.  The address is hashed with a secret key.  Without the secret key, you can't generate the right hash to look up:

. . . Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address . . .

Thanks, these were a long couple of threads, didn't follow them both till the end.

[OpenYourEyes]

IANAL, and I may have missed something, and I don't mean to put myself on the either parties site, but have blockchain.info not violated the UK's Data Protection Act?
blockchain.info is hosted in the UK (according to whois), and private information (phone number) has been disclosed from the blockchain.info database.

[jgarzik]

tl;dr:  Use a decentralized client, rather than a centralized web service.

[marnie]

tl;dr:  Use a decentralized client, rather than a centralized web service.

What are some other options, besides the downlaodable one?

[ripper234]

tl;dr:  Use a decentralized client, rather than a centralized web service.

That's not the correct tl;dr.

Blockchain.info is a vital part of Bitcoin as it stands today - it's such a great boost to introduce new users.

All other clients are nowhere near it on pure usability.
Yes, you compromise some security/anonymity ... but it's a tradeoff users need to make.

[ripper234]

tl;dr:  Use a decentralized client, rather than a centralized web service.

What are some other options, besides the downlaodable one?

You mean downloadable ones, right?

http://bitcoin.org/clients.html

[hahahafr]

HTTP://WWW.DRAMATALK.ORG/

[ripper234]

WWW.DRAMATALK.ORG

lol

[CharlieContent]

It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalk.org/index.php?topic=131574.0 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.

We?  Who the fuck is We? You? lol.

"We will see what we can do" as in Piuk and I together, idiot.

[ripper234]

It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalk.org/index.php?topic=131574.0 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.

We?  Who the fuck is We? You? lol.

"We will see what we can do" as in Piuk and I together, idiot.

If Piuk would be interested in looking for more funding for whatever reason, I (and I guess a lot of other people) would be eager to get in on the action as well.

[CharlieContent]

It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalk.org/index.php?topic=131574.0 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.

We?  Who the fuck is We? You? lol.

"We will see what we can do" as in Piuk and I together, idiot.

If Piuk would be interested in looking for more funding for whatever reason, I (and I guess a lot of other people) would be eager to get in on the action as well.

Probably. He's probably fine anyway, I just wanted to give him a way to throw a rat out the door rather than be stuck with Roger Vermin

[Phinnaeus Gage]

Plus, isn't this MemoryDealers guy the kid who left the country because the IRS tried to stick a dildo up his ass or something?

Maybe this talks good about Roger. Who, besides making mistakes from time to time, has an extensive history for supporting and developing Bitcoin worldwide. Trolls in this thread all summed up, have done less than 0.001% that Roger made in the benefit of the community.

And blockchain.info service and features are awesome. I support both Roger and blockchain.

+1

I was going to refrain from chiming in till I got to the end of this thread (already read the other one--related, and now locked). Before I add further to the above, I'll first state that I find it admirable on Roger's part that at no time did his posts come across in an angry tone, nor did he revert to vulgarity.

Besides Rassah, Roger Ver is the only other person that has access to the funds held by Bitcoin 100, structured that why in the event of the proverbial bus accident. (I don't have access) I trust Roger fully and this episode, albeit sad, does not cause me concern.

Further, Roger Ver has donated considerably to Bitcoin 100, but that did not stop me from once (maybe twice) penning about him being a major distributor of Magic: The Gathering cards just prior to getting involved with Bitcoin. (my apologies for bringing it up again, but using this fact to drive a point home) If I even felt/knew that Roger Ver did something nefarious, I would start or join the choir of sticking it up his ass regardless of his contribution to Bitcoin 100. At this penning, I don't believe such an anal act is warranted.

Roger, regardless of whatever transpires further regarding this episode, or any of the like in the future (hopefully not), please keep up the class act, continue presenting your arguments (for lack of a better term) in a professional tone.

~Bruno K~

EDIT:

changes

Good show. Quick, reasonable and effective countermeasures.

EDIT: As you are now the sole person that has access to the site's full features, please remember to store admin login credentials with a lawyer in case you get hit by a bus.

In a past life, I was a gray hawk, till I took an arrow...

[CharlieContent]

If I even felt/knew that Roger Ver did something nefarious, I would start or join the choir of sticking it up his ass regardless of his contribution to Bitcoin 100. At this penning, I don't believe such an anal act is warranted.

I don't usually like your posts but these lines made me laugh.

What's Bitcoin100? I must have missed that. Got an explanatory link?

[Phinnaeus Gage]

If I even felt/knew that Roger Ver did something nefarious, I would start or join the choir of sticking it up his ass regardless of his contribution to Bitcoin 100. At this penning, I don't believe such an anal act is warranted.

I don't usually like your posts but these lines made me laugh.

What's Bitcoin100? I must have missed that. Got an explanatory link?

Please see my sig, Charlie. First line is a link.