Topic: [ANN][KARM] Karma / ₭ / X11 - page 407. (Read 583123 times)

If you can help the market lift then by all means do it.
You would help the community and you would be buying very cheap Karma at the same time.

Its incredible the power of cryptocoin wales.

They can make the market go down by selling huge quantities of coins to themselves, therefore creating the illusion that lots of people are panic selling.
Only to after buy some cheap coins until the market re-bounces up.

Hmmm I think that sounds like a good idea, the only thing I don't want to happen is those karm get dumped on exchanges. There are 49,105,034,065 KARM at this moment in time, I would like to know how much has been taken out of circulation from this at the end. I am pretty sure I saw something like a total amount when I made my purchase.

Is Karm wanting to go down the fund raising/charitable giving side of things? I know a few good stores in the media at the moment that would pick up on a KARM donation and run with the story....

It don't think its wolong haha we would have seen a huge spike by now. I managed to get into Karm when they were selling them at 1 satoshi and closing all of the BTC channels. I made another purchase yesterday at 34  and 33

I am tempted to try and lift the market and out do this whale.

The Karma will be used very spariingly (if at all) until we have a system in place where the shareholders can vote on how to spend it.

I'm thinking that we could mostly use it to reward those projects that have some momentum or success. For example, if we build a website that is gaining users rapidly then spending X karma on it could be justified. But this is something the community can decide at the time.

We could even experiment with internal 'X' prizes. e.g., "The team that builds a site and reaches 5,000 users first gets xxxxxx Karma to split among them.

We can show results first and then think about how to spend it. If we need operational funds then we could release very little at a time into the market. But again, the community would decide this.

Yes, it appears that some whales have been trying to load up on Karma for a while now. (Wolong at work again?) The downtrend a few days ago was the perfect opportunity, I think.

Well thats what I figure, I have always thought of the coins like little business start ups anyway so this just reenforces that. All of the successful coins should allow for an IPO in the shares of that business then pay a dividend to the holders. This is beneficial for both parties in many ways.

My only question is... And it may be a stupid one but... What happens to all of the KARM you are taking in?

Also I notice some one is trying to keep the price down on mintpal.

It is really an interesting concept with a lot of potential.
And I honestly believe that all cards are being played well so I see no reason for not having at least a moderate success.

At the current price of Karma coins (so cheap!) it looks really a very small risk compared with the possible (probable?) outcome.

:-)

Thanks.. working on confirmations now A bit slow today, as I am traveling. Please let us know if you have any questions

Just sent 10 mil from K9he2DYcDTRs8X5ZFUk8Rv1AtcFH9insrZ

  hope it all goes well, it looks like a new interesting concept.

I agree with you about the email address, but its a "problem" that can be easily solved.

The confirmations sent to Karmashares LLC up to until now can just be deleted, as the signature process will have to be redone in future for security reasons (signing a blank message is not sufficient).
In this case any user that sent his/her email address and regrets it can sleep better in future...

I suggest that, when the new signing process is made available (No need to hurry... we have a lot of time!), the form is changed to do not require (should be optional) giving the Email address and Name.
And has I suggested before, include a separated text box to place a signature generated with the text that goes on the "Message" field (including BTC and Karma address), signed with the Karma address.

And if you believe (like I do) in the good future of Karmashares LLC, maybe you should spend some dozen (or hundread) million Karma in shares, in order to make use of the Quantum period (5x the number of shares now!).

And you someone does not have coins they can buy them for very cheap from Mintpal (or Cryptsy) right now.


Regards

you have to send money, sign a message and then fill in a form.. if you make a mistake in any of these steps then your going to cause a headache for yourself or the guy at the other end....

the fact that people keep coming back with questions over and over, and there are multiple steps should be dead give-away that the process is at least a little convoluted and over complicated.


yes it is too late for those people who have already handed over their email addresses.. all they can do now is hope that the central list doesn't get misplaced or stolen.


I have owned Karma since almost the first week if its life.
whether or not I invest in Karmashares, I will be rewarded if Karmashares succeeds and I will be punished if it fails..

Signing a message is not that complicated.


That would be one way of doing it.

But the current way is also fine as long as the message including the BTC/Karama addresses is signed by the shareholders as I suggested before paying the dividends.
This can be done anytime, but it wold be nice to be implemented sooner because would avoid forcing the shareholders to have to sign multiple times.


You do not have to give your name, nor you email, to confirm your shares.
You can just fill the form with (or something that shows you just want to keep that info private):

Name: x
Email: [email protected]

The only important things are your BTC address and the confirmation that you are a shareholder.



Too late?!

We are in the start of what I believe will be a VERY successful endeavor!

If you do not own some shares you should get them as soon as possible :-)

I'm sure that once its time to pay the dividends a very secure method for ensuring the payment is done to the legit shareholders is properly available.

But why is that true?
Because the community actively worked in identifying and giving solutions to the problems found!

Also, the sooner a proper method is used for validating the exchange of the BTC address (like the one I gave), the less address verifications will have to be redone in future.
Yes... Because once a proper method starts to be used, all shares confirmations will have to be redone.

Believe me, I'm do not wish anyone to panic.
I'm just offering my skills (in this case security flaws identification) to the community.

At some level I agree with you that some matters should be addressed in private, but this one I'm not sure, because as you probably know "multiple heads think better than one".

it all sounds a bit over complicated and convoluted to me.

I don't know why they didn't just set up a Karma-shares address, ask people to send Karma to that address if they want karmashares.. and when they send the money include a valid Bitcoin address in the message that is embedded into the transaction and any transaction that doesn't follow the rules just gets refunded.

that way you have the Sending Karma Address tied to the Receiving Bitcoin address for payouts and everything being stored in the block chain so it can't be hacked easily.

by collecting email addresses which are tied to both  a Bitcoin address and a Karma address you are effectively holding them in a centralized location where the data could be hacked or stolen. If the data gets lost or stolen then hackers could potentially know how many bitcoins and karma each person has and their login ID (email address is used as login ID for most exchanges). from there all the hacker needs to do is break into the email accounts and then they can steal coins from anyone who has an exchange account (which is almost everyone). This is what happened to FR33Aid (their online wallet was hacked via an unsecured improperly secured email address)

not to mention this cold turn out to be an administrative nightmare for anyone who regularly has to deal with payouts and refunds etc for karmashares.

I know its too late to change things now.. but I'm just saying it for the record.
centralizing information is never a good idea.  just look at all the credit card hack scandals we have had over the past few months..

I understand that for legal reasons it may have been necessary to collect email addresses but I do own shares in companies like ASICMiner (based in china) where no personal information is kept about me at all... just my bitcoin address.. if i ever need to prove I own the shares then all I need to do is send a signed message.

Obviously you sign the Karmacoin address that the coins have been sent from. No, because HIS Karmacoin  address isn't YOUR Karmacoin address - the address from which the coins have been seen. The bitcoin address you specify is the address that the dividends will be sent to.
 
It would be very simple to ask for a confirmation of address ownership before sending any dividends - sending an ammount of X.xxxxx from the address to a Karmashares LLC address for example precisely demonstrates control. All of this could also be bypassed by giving the option of registration with 2FA on Karmashares LLC - verified and secured.

It is not as vulnerable as people have been making out and by the time the first payments are due to be sent out there will no doubt be a very secure method of ensuring everything is above board. Stop whipping up panic and let Kosmost and the team handle things in due course. A more appropriate means of relaying concerns like this would be over PM to ensure others do not get misled and panic. The only people who would either not care or not be averse to creating panic are those who are not currently invested at all and wish to buy cheap coins. Remember that when you read what members have to say folks.

I don't understand how signing an empty message with a random Karmacoin receiving address would prove anything? Which Karmacoin address should I sign with and how do you verify that signature? I mean that i have lots of receiving addresses in my wallet

Could someone else send a signed message about my transaction before me signed with his Karmacoin receiving address?

Sorry 'ShawnLeary', but my solution is still the only one that offers protection in the exchange of the BTC address, so I'm still the one deserving the tips ;-)


Comparing the current signature (generated by signing an empty message) with a previous one (also generated by an empty message), like suggested by 'spitfire1337', and only accepting the new signature if different from the previous one (after checking that the new signature also belongs to the same address offcourse) is not enough.

Of course it is better than nothing but it still leaves too much possibility of cheating the system.

Please read my suggestion again, which to my knowledge is the only solution exchanged in this forum that offers total security in the transaction of the BTC address for dividends, regarding proving that the BTC address is given by the REAL owner of the Karmashares LLC.

One possible safety measure regarding COMMUNICATION SECURITY is to require a registration to Karmashares.com with an email that asks for 2FA verification like google mail. Making any further requests and communication pass thru that system. (WALLET SIGNATURE, PROFIT SHARE etc) but I am sure Karmateam is preparing something in this line.

Thanks for the thought. I'm glad you're thinking about this. Any changes will need to be signed again. No records are deleted (and backups are made). So if you update something (or sign something) we will compare it against what was previously submitted.

Thank you for this great thought

You totally cock blocked PTMan tip I was about to send!  So un-Karma like j/k

Your solution solves part of the possible attacks but not all.
What if the attacker intercepts an email, steals the new signature while making the original email never reach Karmashares LLC, so that he can be the first to use that signature (and therefore give his own BTC address, stealing the dividends of a Karmashares shareholder)?
I can think of some ways this can be done.

The solution is, as I suggested before, signing the complete message with the BTC and KARMA address (the signature would be written in a separated text box of the online form).

This way, and only this way, Karmashares LLC can be sure that the BTC address (to where the dividends will be sent) is provided by someone who has access to the Karma wallet that has the address that generated the transaction to Karmashares LLC.


Please do not allow it to be possible to mess with Karmashares LLC dividend payment system with just a little of hacking and/or social engineering.