Topic: [BTC-TC] Virtual Community Exchange [CLOSED] - page 74. (Read 316534 times)

Yeah it would be a total pain for me.  I get the user ID to send to from the list of who transferred.  I use copy/paste to put in my own transfer out so there's minimal risk of me sending to the wrong person.  I can, of course, get the quantity to send wrong - but a pin wouldn't change that.  Obviously I wouldn't object to a pin being added if it was optional.

I plan to automate the exchanging eventually (it can't be done right now even if I had the time - as API doesn't currently provide sufficient information : it lacks the identity of the sender so a bot wouldn't know who to send back to) which would be impossible if there was other information required beyond identity of sender.

Not sure how many transfers I've done for DMS but it must be getting towards 1K sets of paired transfers.  Only errors so far (other than missing a few - which were all caught up with either when my daily audit caught the error or when the user PMed querying) were a couple of occasions where I failed to send 1 of either Mining/Selling (probably clicked transfer instead of pressed yubikey and didn't notice) and one where I sent too few of one.  Oh and on a few occasions I mistakenly sent mining rather than purchase when doing swaps in from my personal account - just force of habit there I guess.

Copy/Pasting name to send to from wherever it originated rather than retyping it is best protection by a mile.

Been working on it while responding to posts.  Some today were particularly sticky    I should be back to more frequent withdrawals in a couple days.

Any chance you can process withdrawals today?

I wrote back privately at the same time I responded publicly.  I had a limited window of time to respond in and responded as soon as I saw your messages.  I hate to say it, but had I seen it 2 seconds after you wrote it -the response would have been the same-.  I took your situation quite seriously.  However painful it may be that you did not get the immediate resolution you wished, we are not going to get into the business of reversing trades instantly for user input errors.  Transfers in online banking to accounts that don't belong to me are instant and permanent.  Every single transaction in bitcoin is instant and permanent.  This is no different.

Proof that the account exists is simple to test.  Grab a share of something cheap and try sending it to a random account.  For accounts that don't exist the transfer is rejected.  (add: looks like dexX7 tried this.)

I am very, very sad that you sent your shares to a scammer.  But let's not turn this into more than it is.

That all said... I'm pretty sure I mentioned in my email to you that I'd look into it.  Turns out this user has ~15 accounts, all variations of the 796 exchange's username.  It seems to be an obvious scam and I locked the account you sent the shares to yesterday.  I'm going to sit on them for a while before returning them on the off chance that any further evidence should surface, but they are secure at the moment.


I like the "transfer pin" idea.  Adds some pain to transferring that I'm not sure I'm willing to take on though.  Think if it from my perspective (ASICMINER-PT) or Deprived's perspective (DMS.SELLING, DMS.MINING, etc.) ... we do 1000's of transfers.  In Deprived's case he's watching transfers come in, which gives him an account id, then transferring back an appropriate number to the same account.  Adding a stage where he has to contact the user and request their private transfer PIN would be a deal killer.

Maybe when transfers come in we display the "from" account as "account:transfer pin"... ?  Thus you'd have what you need to return the transfer if necessary?



The "pick up" button idea is a good one, but difficult to implement.  Also, who gets the divs while the shares are in limbo?

Regarding one-off cases and fixing these manually, transfers are permanent.  As you mentioned, reversing anything requires mediating between the two account owners.  I guess mediating something like this is something we could offer to do for a fee, but what response is a scammer going to have other than "those are my shares, of course I paid for them!".  This is reinforced by the fact that in 99% of the cases they're going to have already been sold and the coinage transferred out.

I've added a warning to the bottom of the transfers form. 

Did someone say PT?  

Great idea, added to the todo.


We discussed this a couple of pages back.  I think the plan is to highlight issuer orders, then have a checkbox that allows the buyer/seller to fill the issuer's orders before filling other user's orders.

Cheers.

It's a cache issue.  The existence of the options is cached and applies against your reserves until it times out.  It's not long though.

Cheers.

The interesting point in question seems to be this:


That doesn't particularly hurt my feelings.  I'd rather people go with what fits their needs rather than trying to fit a square peg in a round hole.  Plus I value my freedom, so they just gave me a pretty good argument in court if it ever comes down to arguing whether we're virtual or not.  (Judge, we gave up revenue and didn't pursue "real" issues, see here: ...)  There's actually several examples of this to date now, and it's somewhat a relief honestly.

I would be curious to know how they are getting around US Securities Law.  Specifically the part where you're not allowed to market or offer to non-accredited (accredited = net assets of 1 mil and registered with the us gov't.) investors.

Also, if the BF lawyer is not a Cypriot lawyer, then they may be getting dangerous advice.  

I think if I were these guys and were serious about keeping the legal challenges to a minimum I'd be soliciting private investors quietly, not listing on an exchange, but that's just me.

I guess the other consideration is that if the issue is any good, there will probably be someone setting up a PT before you know it.  

Cheers.

Maybe require the receivers to 'pick up' the transfer by clicking a button, and allow the senders to cancel the transaction up until the pickup point.  This allows some window of opportunity for the sender to recover their error after realizing that he entered the wrong information a couple of times, verified it, and then clicked to transfer before it becomes permanent.  

Adding a unique hash to each user is a good, but really though, how far you go to account for user error can lead to an interesting cost/benefit analysis where much of your effort is focused on solving for the least common denominator.  It's usually more efficient to treat these as one-off cases and fix what can be fixed manually and leave a warning for the user otherwise.

In this case, I think reversing the transaction requires embroiling oneself in the affairs of the transaction --  getting approval from the transfer recipient and confirming that this was transferred to his account by mistake.  Otherwise, this method could be used as a 'reversal' technique for legitimate transactions.  The easiest way to solve this would be to simply ask the recipient to transfer back the shares they were transferred in error (that is, if he still has them).  However, since there's no messaging system between users on the site, there's no way for users to handle this on their own.  With admin intervention, if the accidental recipient disagrees that this was an erroneous transfer then this would place the admin into a position as an arbiter, which he shouldn't be in, especially with no legitimate proof either way on whether it was an erroneous transfer.  In such a case, I'd have to agree with leaving the transfer alone and not reversing it, since ultimately it's the user's responsibility to confirm that the recipient information is correct before they submit it.  

Maybe add a disclaimer about transfers being irreversible.

Just some brainstorming on this idea (still not sure if the idea itself needs to be done):

 - Every user has a second identificator (4 char hash for example)
 - Sender starts transfer to username as usual
 - btct.co asks for confirmation and displays username and second identifier

This would eliminate the need of entering the second identifier with almost the same outcome.

The current two times input + pin is much more than we get from a Bitcoin tx though. I tried to send a share to a non existing username and all it shows is "invalid user", so this case is covered already and they don't get lost in limbo.

xubingde: I don't understand the loophole you mentioned and I feel sorry for your loss. What would you like to happen to "solve" your problem?

Perhaps a Correct solution

Brilliant idea, but better than a hash would be a random number.

If it was an hash and somehow the algorithm became known, you could try offline many small variations until you got one with the same hash.
If instead it's just random, as long as you can't create accounts at will, it should work.

I submit Support Request,  but I didn’t get any response in 2 days. Is this normal?

Nah, everyone is totally honest and peaceful on the internet.

 I submitted a ticket the very moment I found the little error, but I didn’t get any response in 2 days. Is this normal? It’s an emergence but obviously you didn’t take my situation seriously. If I didn’t post on the forum, you won’t reply to me, right? And it’s been 72 hours. Yes, your site does have 2 input and the security code, but most sites have pop-ups requiring the final confirmation when it refers to property. However, you don’t have this. I had contacted with 796 Exchange when I finished transfer and xchang796 doesn’t belong to them. I think it’s a very irresponsible act to say that it might their account. I’m very sad to hear that from you. Moreover, the stuff told me that the account xchange796 was created in no more than 72 hours. I don’t believe that someone would create such a similar account and just set people up to rob their property in such a short time. Do you believe that? I’d like to ask you to provide proof or I’ll take it as a loophole from your platform, especially comes to such a phishing account. You should solve this problem and improve the customer service. They let me wait such a long time and then tell me that you are not able to figure this out. What makes me very angry is that you did not take any action to suspend the transfer during the 72 hours. You’re obviously making an easy way for liars. It’s not what a trustworthy platform should’ve done.  There’s a lot of fraud in the internet world. And I guess you guys know this. Only those who try their best to protect users’ property and act for users’ interest can earn users’ trust and respect. Yet, BTCT is doing really bad on this.

About your second point, I originally had that written into my previous post, but removed it after the following thought: what if an IPO process takes "too long" and an investor no longer wants their money tied up in that particular venture and is willing to sell at a loss to have his money available to him immediately? Should he be penalized for investing in the beginning/middle of an IPO? Wouldn't that inability to undercut prevent many from buying due to fear of having their money locked for an undetermined period of time?

We need to see trades, that change the number of outstanding shares and at what price, those happened.
Also, if IPO is in progress, any share transfers (no coin moved via exchange) must be reported or even better, not allowed by default.
 

Seconded. Though if this were to be implemented, how would the site differentiate between shares sold by the issuer at a certain price and other peoples' asks at that same price? Would the shares be broken up into two groups "issuers" and "others" with, hopefully, issuers shares getting priority, or would the entire amount be highlighted (thus somewhat ruining the point of highlighting in the first place)?

Any chance you can find time to code this simple feature: Issuers own Bid and Ask orders are highlighted so they are clearly visible to everyone.
I have asked this like 3 or 4 times (even when GLBSE was around)
Lets make it even better. if issuer buys back shares, those trades are marked in the trade history.

Why, read about the ActiveMining fiasco, where "new walls are going up" but no idea when and where.

Small API feature-request: Add the username to transfers in the trade history. Currently it only says "transfer-out" or "transfer-in", but not to or from who.