It sort of depends, each case is different. At the very least, before you deal with someone, check to see if their email/password has been changed recently, check to see if their language or posting habits have changed or any other suspicious behavior. If you are uncertain, ask for a signed Bitcoin message or some other type of identify that you can use as a 2FA check to make sure it is who you think you are dealing with.
Glancing past the rape analogy which I don't think was entirely necessary as a comparison of liability, and going with a still controversial topic, I'll use guns. Say you own a gun, and you leave it on your kitchen table. If someone breaks in, steals it, and uses it to hurt someone, are you at fault? Conversely, if you keep your gun in a safe, someone breaks in and spends an hour to break into your safe with an oxyacetylene torch and a sawzall, and then uses it to hurt someone, are you at fault?
If you made a good faith effort at protecting your account, and it was stolen at reasonably no fault of your own, I don't think its the account owner fault. If you are taking a picture of yourself to post on social media, and you have passwords.txt open on your computer and visible in the background, I think at the very least you should feel bad about damage done by the hacker and try and do something about it.
Topic: [Controversial] Who's to blame when an account gets hacked? - page 2. (Read 2089 times)
The answer to your question really depends on the specific situation.
If you maintain a reputation of signing all addresses you receive payment to, then (assuming no signed message, I would place more blame on the lender. The same applies if you are someone like OgNasty who maintains a reputation of using the same address for all transactions. Otherwise I would place more responsibility on the person whose account was hacked.
It is not unusual for someone to reset their password nor to change it. If you don't usually sign a message confirming payment addresses then why would a lender expect to receive one for a loan?
Regardless of the above if there are warnings that an account is hacked (with references that are reliable) and/or threads open in meta and/or scam accusations (that are reliable) as of when the lender agrees to make the loan then responsibility is squarely on the lender.
Edit: I don't approve of your rape analogy.
Also the hacker is obviously the true scammer however it is usually unlikely that any money will be recovered from the hacker and it is unlikely that their identity will even be discovered.
Edit2: although I find this unlikely, if there's clear evidence that the hack was due to an undisclosed security issue with the forum then theymos should cover losses.
edit3: The above only applies to when I would believe that someone is a scammer. The legal threshold for who is responsible if/when litigation is pursued is likely different.
If you maintain a reputation of signing all addresses you receive payment to, then (assuming no signed message, I would place more blame on the lender. The same applies if you are someone like OgNasty who maintains a reputation of using the same address for all transactions. Otherwise I would place more responsibility on the person whose account was hacked.
It is not unusual for someone to reset their password nor to change it. If you don't usually sign a message confirming payment addresses then why would a lender expect to receive one for a loan?
Regardless of the above if there are warnings that an account is hacked (with references that are reliable) and/or threads open in meta and/or scam accusations (that are reliable) as of when the lender agrees to make the loan then responsibility is squarely on the lender.
Edit: I don't approve of your rape analogy.
Also the hacker is obviously the true scammer however it is usually unlikely that any money will be recovered from the hacker and it is unlikely that their identity will even be discovered.
Edit2: although I find this unlikely, if there's clear evidence that the hack was due to an undisclosed security issue with the forum then theymos should cover losses.
edit3: The above only applies to when I would believe that someone is a scammer. The legal threshold for who is responsible if/when litigation is pursued is likely different.
-snip-
was raped, who's fault is it?
-snip-
was raped, who's fault is it?
-snip-
Lets not go there, its a bad analogy, see below.
-snip-
I see hacked accounts every single day here. It sucks. I hate seeing people's reputations get ruined for a few bitcents. The hackers are to blame of course but assuming you ever find them, would you ever really sue them for the $100 in damages? Obviously not. So it sucks (I know I already said that) but someone needs to take responsibility. Who should it be?
No matter what security you use, whether you're using a very secure computer or you use the same password on every website there's one person to blame: the hacker. Yes you should protect yourself but that doesn't mean it's your fault if you get hacked.
I really hope I never get hacked. Ever since I've joined bitcointalk I've been so much more careful with security so I hope that means I never get hacked. The problem is I've seen people turn on each other like wild wolves here.
Maybe let's come up with some kind of consensus. Let me know if there is a better option that should be in the poll that I didn't think of.
I see hacked accounts every single day here. It sucks. I hate seeing people's reputations get ruined for a few bitcents. The hackers are to blame of course but assuming you ever find them, would you ever really sue them for the $100 in damages? Obviously not. So it sucks (I know I already said that) but someone needs to take responsibility. Who should it be?
No matter what security you use, whether you're using a very secure computer or you use the same password on every website there's one person to blame: the hacker. Yes you should protect yourself but that doesn't mean it's your fault if you get hacked.
I really hope I never get hacked. Ever since I've joined bitcointalk I've been so much more careful with security so I hope that means I never get hacked. The problem is I've seen people turn on each other like wild wolves here.
Maybe let's come up with some kind of consensus. Let me know if there is a better option that should be in the poll that I didn't think of.
The attacker is always to blame, but the person attacked has to take responsibility for what happened. Its your account - same as its your body - if something happens to it, you have to live with the consequences of the attack regardless who did it. If your body was used to take out a loan, yeah the rape analogy starts to fall apart here. I doubt a rape victim has to deal with problems of damage done to others because they have been raped, at the very least I hope they dont. Lets put it aside.
If your account was hacked and used for nefarious reasons you are not to blame (unless maybe you have been careless about security), but you have to suffer through the repercussions same as you cant just put a rapist in jail (Im sorry I know I said Ill put it aside) and suspect the victim to be fine. Why is this so you might ask, its a digital thing, it should be easy to just revert everything. Well for one you cant just revert the feeling that someone was using your account. At least for me this is already a violation on an emotional level. More importantly IMHO though you can not proof you have been hacked and we tend to be very paranoid here. In order to avoid 'I didnt do it, was hacked' as a get out of jail free card, there has to be consequences if there was damage.
The original owner shouldn't be let off free. We all have to stand behind the actions of our account,
Negative trust should be automatic in the case of default of a loan.
Theymos believed so as well.
Negative trust should be automatic in the case of default of a loan.
Theymos believed so as well.
think that marcotheminer should return the account now since it was probably hacked, but everyone should give yussuf89 negative feedback for being unable to stand behind his account's actions unless he pays 50-75% of the loan principle. (This is just my opinion -- I'm not going to try to enforce it.)
I personally think the best way to go is if both victims agree on something they can live with. A 50-50 split might be in order in many cases though.
btw, thanks for the reminder to change my password. If anyone has doubt its still me, ask for a signed message (PGP or BTC you know the drill).
The original owner shouldn't be let off free. We all have to stand behind the actions of our account,
Negative trust should be automatic in the case of default of a loan.
Theymos believed so as well.
Negative trust should be automatic in the case of default of a loan.
Theymos believed so as well.
think that marcotheminer should return the account now since it was probably hacked, but everyone should give yussuf89 negative feedback for being unable to stand behind his account's actions unless he pays 50-75% of the loan principle. (This is just my opinion -- I'm not going to try to enforce it.)
IMO Both parties are responsible. The person who was hacked should have properly secured their account, and upon discovery of the hack, immediately inform everyone that their account has been hacked. The person who got scammed because of the hacked account should have done their due diligence and done as much as possible to ensure that the person contacting them was who they said they were.
The issue with not ascribing blame to the victim is that doing so essentially gives the victim of the hack a free pass. The victim certainly holds some blame as something they did compromised their system. While the hacker is most certainly at fault, the victim is partially to blame as well as they should have been more attentive and more careful about their security. Of course how they got compromised affects how much blame should be ascribed to the victim.
The issue with not ascribing blame to the victim is that doing so essentially gives the victim of the hack a free pass. The victim certainly holds some blame as something they did compromised their system. While the hacker is most certainly at fault, the victim is partially to blame as well as they should have been more attentive and more careful about their security. Of course how they got compromised affects how much blame should be ascribed to the victim.
The lender/escrow/buyer should take more responsibility but every case is unique.
The lender/escrow/buyer should set a long enough password and should use a secure email address and get a signed message from the person they got it from.
The lender/escrow/buyer should set a long enough password and should use a secure email address and get a signed message from the person they got it from.
It depends.
You can't exactly prove that an account wasn't hacked when all the people involved are scattered all over the world. If anyone didn't lose money because of the "hack" then there should be no problem no matter who's at fault, but if the hacked account scammed or appears to be scamming then the account owner are responsible to some degree and the account should be "blamed". The one who didn't take precautions even though hacks are quite common here should also take responsibility.
So, #3.
Edited.
You can't exactly prove that an account wasn't hacked when all the people involved are scattered all over the world. If anyone didn't lose money because of the "hack" then there should be no problem no matter who's at fault, but if the hacked account scammed or appears to be scamming then the account owner are responsible to some degree and the account should be "blamed". The one who didn't take precautions even though hacks are quite common here should also take responsibility.
So, #3.
Edited.
This is a question that gets very divided responses. The sentiment on this forum seems to be that the person who gets hacked is responsible for whatever happens with that account during the hack. I find that ludicrous. No one here should have to babysit their account if they don't use it for a while, and I see the hacking victim as exactly that, a victim.
On the other hand, we've all seen the BS where people claim to have been hacked, and it's just a coverup for a scam. And I don't think (correct me if I'm wrong) there's any great way to prove that you weren't hacked. Therein lies the problem. I get that people who've been scammed want to hold someone accountable, but I don't think if someone truly had their account compromised that they are responsible for repaying the scam victims.
On the other hand, we've all seen the BS where people claim to have been hacked, and it's just a coverup for a scam. And I don't think (correct me if I'm wrong) there's any great way to prove that you weren't hacked. Therein lies the problem. I get that people who've been scammed want to hold someone accountable, but I don't think if someone truly had their account compromised that they are responsible for repaying the scam victims.
I Vote for Option no 3 because I am victim of hack and have very big lost but still believe its also my fault because I check Legendary and green trust not gone in full profile for any specific information about change of password and email if I check before sending then surely I am not going to send big amount to hacker but account holder is also guilty using very weak password and compromised computer without any protection
In the case that the lender did not check whether there were password / email changes and/or request a signed message, I would blame the lender as per option:
Otherwise I'm inclined to vote for:
There is no way for someone to become 'unhackable' as there are differentiating and sophisticated (targeted) approaches. In case someone used a very weak password, it would be a nice gesture to admit this and pay the caused damages.
Quote
The lender. They should have asked for a signed message.
Otherwise I'm inclined to vote for:
Quote
Both should take responsibility and each pay half of the damages.
There is no way for someone to become 'unhackable' as there are differentiating and sophisticated (targeted) approaches. In case someone used a very weak password, it would be a nice gesture to admit this and pay the caused damages.
If someone you loved was raped, who's fault is it?
Let's say she was drunk and in a short skirt just got out of a club. Would that really be her fault if someone had sex with her without consent? NO! That's victim blaming which is completely not ok. Ever. It's the rapist's fault. They raped her. Victim blaming happens constantly on this forum. It's not ok.
I see hacked accounts every single day here. It sucks. I hate seeing people's reputations get ruined for a few bitcents. The hackers are to blame of course but assuming you ever find them, would you ever really sue them for the $100 in damages? Obviously not. So it sucks (I know I already said that) but someone needs to take responsibility. Who should it be?
No matter what security you use, whether you're using a very secure computer or you use the same password on every website there's one person to blame: the hacker. Yes you should protect yourself but that doesn't mean it's your fault if you get hacked.
I really hope I never get hacked. Ever since I've joined bitcointalk I've been so much more careful with security so I hope that means I never get hacked. The problem is I've seen people turn on each other like wild wolves here.
Maybe let's come up with some kind of consensus. Let me know if there is a better option that should be in the poll that I didn't think of.
Let's say she was drunk and in a short skirt just got out of a club. Would that really be her fault if someone had sex with her without consent? NO! That's victim blaming which is completely not ok. Ever. It's the rapist's fault. They raped her. Victim blaming happens constantly on this forum. It's not ok.
I see hacked accounts every single day here. It sucks. I hate seeing people's reputations get ruined for a few bitcents. The hackers are to blame of course but assuming you ever find them, would you ever really sue them for the $100 in damages? Obviously not. So it sucks (I know I already said that) but someone needs to take responsibility. Who should it be?
No matter what security you use, whether you're using a very secure computer or you use the same password on every website there's one person to blame: the hacker. Yes you should protect yourself but that doesn't mean it's your fault if you get hacked.
I really hope I never get hacked. Ever since I've joined bitcointalk I've been so much more careful with security so I hope that means I never get hacked. The problem is I've seen people turn on each other like wild wolves here.
Maybe let's come up with some kind of consensus. Let me know if there is a better option that should be in the poll that I didn't think of.
Jump to: