Topic: Freebitco.in openly posting user data (Read 827 times)

I just wonder what happen in this situation:

İf i saw the one referral who has many(which is not mine and im just jelious) and just registered with this referral with many accounts. Then ll u ban main one? Whats your solution for this?

I will edit the OP as well, just please message me @TheQuin once you remove that link.

If the pastebin data can not be removed then at least remove the reference link on the feedback you left for Adriano2010. I think this will cool down the entire issue a bit since there will be less trace for the data reference. Good to hear about the promise of future incorporation.

I hope you will have no confusion of understanding that publishing such data is not correct by any means.

Thanks for the suggestion. I'll try to incorporate that in future. It's too late to change it this time as it all republished automatically elsewhere.


We did previously have a system in place that automatically blocked bots that made an infeasible number of rolls over a period of 5 days. The problem is that they soon work out the limit and stay below it. Why not run 3x the number of bots 8 times a day?
The same goes for every detection system I have been able to come up with. The one idea that I had that has drastically reduced abuse is to leave them to waste several months getting a balance they can withdraw and then blocking the withdrawal for a manual review. That way they then have to spend several more months to find out if they correctly guessed how I caught them.


The intention was never to scare them away, just to refute their claim that I scammed them.

I know I got angry and overreacted to some things here and I'll try to do better in future. I don't want to scare anyone away.

This evidence is mostly meaningless unless you can be trusted to provide truthful information, in which case you could just say "auto-generated e-mail addresses" and "same AWS subnet" instead of posting actual e-mail addresses and IPs. Or post them hashed. Or ask a third party to verify.

Another thing that stood out in one your debates with a supposed abuser is that you're saying it's obviously a bot if they run it 24/7... if it's obvious why are you allowing it? Why not limit to 16 claims per day or whatever is "human". Or at least ban them after a week instead of letting the whole farm run for months and then get to the point where you feel you have to post e-mails etc to defend yourself.

I understand that this business attracts all sorts of shitheaded freeloaders but you're not going to scare them away by posting e-mails publicly. You might scare away good customers though.

The bit I'm struggling with here is how I can prove multi-accounting if I can't show the account details.

I did mention earlier in the thread that we are in the process of getting our lawyers to draft a more professional ToS. I kind of like the old one because it is short enough and to the point that nobody has an excuse for not reading it but times have moved on from it just being a hobby site.

That is why I stopped discussing because after I understand your part, I agreed that you were not completely wrong. I guess everything is good now but the community just demands a little bit more privacy promise. Maybe you need to mention in terms and conditions, if it's legal, that abusing our services might lead to legal investigation.

I will have a look to see how they do that and if there is any way I can do things better.

My point is that I did keep the user's details confidential. The thief here is the account that referred all those bots. If you look at what I published the first 300+ are not even email addresses. They are just random letters like someone punched the keyboard and added an email domain. Those accounts can only make a few rolls before they get blocked at the email verification stage but with hundreds of them significant referral income is stolen.
For the last 38 the thief came back 2 years later and got themself a bot capable of signing up the emails accounts.
The fingerprinting gives a probability in line with a Bitcoin collision that they are different people and the usage pattern is also impossible:

You're not getting the point here. If I purchase a product from amazon and make a complaint while no matter how dissatisfied and unhappy amazon are with my complaint, they will not publish my personal data without my written approval.

There are so many accusations against so many trusted websites here almost daily, but there is a manner in which they must be handled. Check accusations against sportsbet.io for example, they answer with proofs while still keeping the user details confidential.

For example, check this: https://bitcointalksearch.org/topic/scam-sportsbetio-seized-my-profits-5266626

You need to counter accusations made against you professionally, you cannot act angry and do things in rage without being concerned about someone else's privacy. I know you made a mistake wasn't intentional, but at least realize the mistake now and remove the pastebin content.

if you posted as a guest, you made a blunder to be honest because even if you wanted to publish some proofs, you should have uploaded at freebitco.in on some page.. Now at least realize the mistake and promise members that you won't be doing it again, is your best case here seriously.

The whole point of me publishing it was to prove beyond all reasonable doubt that they were not real people and were in fact fraudulent accounts of a bot. I really don't know how I'm supposed to defend myself against the botter's accusations without showing the evidence.

I meant if it's really not personal information or bot for sure that does not matter. If this is bot still there are no way to verify as mentioned by other users. One mistake can expose someone's privacy. Most importantly this kind of practice is very risky for the clients in your platform. They know that their personal information are at risk.

How can you say in all seriousness "It does not matter what's in there"? That's the only thing that does matter.

I did not publish any personal information.

A clown reported my statement, so I make it again, no worries.
The context was about publishing proofs for this thread (Freebitco.in scam me 0.004 bitcoin), and he did not reveal real email and IP address.

Have a nice day.

That pastehin was posted as a guest so it's impossible to remove it now.

You have not removed the pastebin data yet. It does not matter what's in there (bot or no bot), you should be removing the data from there. We can argue about the rest and spend days about what is right and what is wrong but this should be removed. At least on this forum I am sure you know that no one is going to encourage you to keep it as it is.

Maybe you nailed it in the first 4 words. It is an accusation that I have responded to before but it seems pointless to keep repeating it when no real evidence is produced. Someone said it happened or stats isn't proof.


Our ToS is only subject to the laws of the country we are registered in.

edit: for clarity

I think this is often the source of confusion


the definition of "offer their services in".

I don't think this will hold up in court.

I'm pretty sure this is illegal in at least all EU member states, and I'm pretty sure that's valid for websites that offer their services in EU countries.

Your ToS is not above the law (and even criminals have rights).

I just checked FreeBitco.in:
Talking about conflicts of interest, I'm still curious why TheQuin didn't respond in Freebitco.in provably cheating:
Let me quote my post from years ago:
There's no hard evidence, and I don't want to do 30,000+ faucet rolls myself to create circumstantial empirical evidence, but I sure as hell don't trust the site! The fact that this plausible accusation gets ignored makes me believe it even more.

Don't quote me out of context. I also said:


I agree with you that posting IP and email doxes in public is a stupid idea, hence why I said it's better to share this stuff (well, sell actually, as these are businesses), with other competing casinos since chances are if a multiaccounter is abusing faucets with bots chances are they're doing the same for others also.

And then on their own side just close the offending accounts, which they seem to already do. People who come here to appeal just PM them the evidence instead of making a public post about it. If they continue to whine about it just block their messages.

Freebitcoin's obviously the biggest target of these abusers (just look at their name) so naturally they most likely have the biggest database of bot email and IP info. And then they actually make [back potentially lost] money from selling this, other casinos can weed out their abusers all while preserving the privacy of abusers.

---

LOL! 😂  busted.

---

The problem is they're just going to stop leasing the AWS IPs and then you have a list of IPs that point to nowhere or worse, someone's private proxy (you need to hold a certain balance to be allowed to play from one anyway though).

I don't see why you don't simply block fake email addresses from registering though, wouldn't that solve 90% of the problems with fake accounts since they then need a bunch of phone numbers to make equivalent Gmail or Yahoo addresses?

If it is that I really don't see how publishing what is effectively a list of fake IDs used for fraudulent purposes poses any threat to anyone's privacy.

Pretty scary for average users like me that some people can just put up some flags on you because "personal". With this thing continuously happening in this forum, we will eventually look like China where everyone we dislike, we censor by making them flagged.