|
Bitsky (OP)
|
 |
June 29, 2012, 08:23:38 AM |
|
It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.
Especially if the accounts belong to users with more than 100-200 postings, others trust them more than newbie accounts, what makes the scam easier to pull off.
There should be a "max days between logins" limit, after which an account gets locked and need to be manually enabled again by a mod. Either by sending a new password to the registration mail (which could be hacked too however), or by having the member sign a message with the btc address in the sig (if available; perhaps make providing a btc address mandatory), or by giving hints about who they sent PM's to.
If someone doesn't log in at least once every 30-60 days, he hasn't much interest in Bitcoin at all.
|
|
|
|
|
|
|
|
|
|
|
|
|
Transactions must be included in a block to be properly completed. When you send a transaction, it is broadcast to miners. Miners can then optionally include it in their next blocks. Miners will be more inclined to include your transaction if it has a higher transaction fee.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
bulanula
|
|
June 29, 2012, 12:25:22 PM |
|
It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.
Especially if the accounts belong to users with more than 100-200 postings, others trust them more than newbie accounts, what makes the scam easier to pull off.
There should be a "max days between logins" limit, after which an account gets locked and need to be manually enabled again by a mod. Either by sending a new password to the registration mail (which could be hacked too however), or by having the member sign a message with the btc address in the sig (if available; perhaps make providing a btc address mandatory), or by giving hints about who they sent PM's to.
If someone doesn't log in at least once every 30-60 days, he hasn't much interest in Bitcoin at all.
Does not mean that you should lock the account mate. That is not nice for people that don't even have any idea why the account is locked nor can find out why. -1 for this policy. |
|
|
|
|
Kluge
Donator
Legendary
 Offline
Activity: 1218
Merit: 1015
|
|
June 29, 2012, 12:38:48 PM |
|
Going by past experience, it is indeed much more likely than an individual's computer/email being cracked that a server's db was accessed without authorization, as happened when MtGox was compromised, and a flood of old users who used the same credentials had their forum account compromised as a result. I would think it reasonable to have them simply sent a confirmation email before being allowed to log in if it has been over 30 days since they last logged in. Simple email verification, minimal headache. ... If it's not too much of a headache to implement.
Identity theft on this forum should be taken very seriously. It should be more stringent than the "typical" forum. She don't look like much, but is competent-enough to facilitate tens of thousands of dollars worth of transactions every week (I'm guessing). After the flood of ID thieves post-Gox-GOXing, I think most members have the sense to check post history to look specifically for when that user last made a post before entering into a transaction, though newbies probably aren't aware. Having one's first transaction be a scam may be enough to push them out of interest in Bitcoin forever.
|
|
|
|
|
|
Bitsky (OP)
|
|
June 29, 2012, 12:48:35 PM |
|
Does not mean that you should lock the account mate.
That is not nice for people that don't even have any idea why the account is locked nor can find out why.
-1 for this policy.
Well, with that tag below your username, I'm not really surprised that you don't like my suggestion. Of course you can let people know why the account is locked. Just redirect them to a page explaining why and what to do about it when they try to log in. An email verification or a signed message isn't really that much work if you can't be bothered to log in at least once every month or two. With such a policy, threads like this one would not exist: https://bitcointalk.org/index.php?topic=86248.msg982776#msg982776The lender would still have his 55btc. |
|
|
|
|
bulanula
|
|
June 29, 2012, 12:55:23 PM |
|
Does not mean that you should lock the account mate.
That is not nice for people that don't even have any idea why the account is locked nor can find out why.
-1 for this policy.
Well, with that tag below your username, I'm not really surprised that you don't like my suggestion. Of course you can let people know why the account is locked. Just redirect them to a page explaining why and what to do about it when they try to log in. An email verification or a signed message isn't really that much work if you can't be bothered to log in at least once every month or two. With such a policy, threads like this one would not exist: https://bitcointalk.org/index.php?topic=86248.msg982776#msg982776The lender would still have his 55btc. Very funny personal attack. Locking accounts at random because they did not have time to log in = genius policy. How about being SMART and not getting scammed like a sheep for a start ? Anybody not doing due diligence and handing over $$$ to strangers on the Net deserve to be scammed by me. Use escrow and you are safe ... but some just want / beg to get scammed ! |
|
|
|
|
|
|
|
Bitsky (OP)
|
|
June 29, 2012, 10:45:40 PM |
|
Very funny personal attack. Locking accounts at random because they did not have time to log in = genius policy.
You worked hard to get this tag, along with 22.5btc, so you've got to live with it. Also the locks won't happen randomly, but after a defined time and with a redirect to an explanation. Use escrow and you are safe ... but some just want / beg to get scammed !
So how does an escrow protect you from someone who just keeps the money lent to him? Like in this case: https://bitcointalk.org/index.php?topic=86248.msg982776#msg982776 |
|
|
|
mc_lovin
Legendary
Offline
Activity: 1190
Merit: 1000
www.bitcointrading.com
|
|
July 02, 2012, 05:02:50 AM |
|
I would say at the very worst, after an account hasn't been logged into in 3 months, reset it so that they need to do email activation to use the account again... But even that would be tricky to set up, and I think it should be an opt-in feature instead of default.
|
|
|
|
|
|
TehZomB
|
|
July 02, 2012, 05:52:54 AM |
|
I respectfully disagree.
I was thrilled when I found that, after registering and not using my account here for eight or so months, I didn't have to get out of "newbie jail" (that wasn't a thing when I registered).
|
|
|
|
|
|
bulanula
|
|
July 02, 2012, 05:20:37 PM |
|
I respectfully disagree.
I was thrilled when I found that, after registering and not using my account here for eight or so months, I didn't have to get out of "newbie jail" (that wasn't a thing when I registered).
Going by the SKEWED mentality of the "lock user account" supporters in this thread, I would say you are going to scam somebody in the next month. You are not probably going to scam anyone. Don't lock any accounts. How about locking satoshi's account too ? |
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
July 02, 2012, 05:50:02 PM |
|
How about locking satoshi's account too ?
We already have, but for unrelated reasons. |
|
|
|
|
bulanula
|
|
July 02, 2012, 05:57:18 PM |
|
How about locking satoshi's account too ?
We already have, but for unrelated reasons. What if he decides to come back ? Seems a bit harsh ... not convinced he really died or something. |
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
July 02, 2012, 06:04:21 PM |
|
How about locking satoshi's account too ?
We already have, but for unrelated reasons. What if he decides to come back ? Seems a bit harsh ... not convinced he really died or something. He still has his GPG key, as well as at least Gavin's contact information. |
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1721
|
|
July 02, 2012, 08:33:21 PM |
|
How about locking satoshi's account too ?
We already have, but for unrelated reasons. Are you afraid someone manages to hack into his account (0day exploit in SMF, gueesses pwd, whatevah) and impersonate him? |
Signature space available for rent.
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
July 02, 2012, 11:26:46 PM |
|
How about locking satoshi's account too ?
We already have, but for unrelated reasons. Are you afraid someone manages to hack into his account (0day exploit in SMF, gueesses pwd, whatevah) and impersonate him? That much should be obvious. If he comes back, he could use his GPG key to sign a message asking for his account to be unlocked. |
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
July 06, 2012, 10:02:46 PM |
|
+1 for email verification -1 for manual mod reactivation, because it's too much of a hassle -1 for the BTC address idea, because it links forum accounts to wallets, which may become corrupt, or lost. Not to mention the possible incompatibility with 3rd party clients. I would say at the very worst, after an account hasn't been logged into in 3 months, reset it so that they need to do email activation to use the account again... But even that would be tricky to set up, and I think it should be an opt-in feature instead of default.
that kills the whole point. the purpose is to ensure ignorant users' accounts can't be used by scammers. Do you think ignorant users are going to opt-in to any feature? How about locking satoshi's account too ?
We already have, but for unrelated reasons. Are you afraid someone manages to hack into his account (0day exploit in SMF, gueesses pwd, whatevah) and impersonate him? this actually happened. that's how the db got leaked. |
|
|
|
|
