Topic: Instawallet claim process - page 31. (Read 79281 times)

As mentioned earlier, if after the promised 90 days there's not a resolution, there are actual names that can be used in proceeding a legal case.

I'm glad to see that I'm not the only one who sees this as simple common sense, and also that it extends beyond my own culture.  The old 'golden rule' is, I think, almost universal because it is so obvious.  That is why this situation is so aggravating to me.

It cannot be said that Paymium would be expected to cop such an attitude if they were the perps either.  It makes no sense one way or another except that they are just ignorant pricks.

One way or another, the ONLY thing which argues that anyone will get anything in 90 days is simply the ~boussac says so.  That is hardly confidence inspiring to me, and I continue to maintain that taking no concrete action in the interim is irresponsible and negligent and will not help the ecosystem evolve to a more healthy state.

They could literally have Googled "crisis management" or "damage control" and come up with a better plan of action than the one they've implemented.

I understand that not everyone has experience in handling these situations (although an intrusion isn't just a possibility for these services, it's a likelihood) but there's absolutely no excuse for not having a disaster plan for them, and there's especially no excuse for making people pull teeth to get information.  Yes, people were able to track down the real life identities of those behind Paymium - but they should not have had to.  Those people should have been very visible and providing a constant flow of information to users.

The way this incident has been handled doesn't inspire confidence in their ability to handle a critical incident with their paid services.

It's perfectly in line with how I would've handled it, and it's the only way to handle it that makes sense to me. Perhaps there should be a sticky somewhere on the forum where this could be written, so anyone experiencing a break in can see how they should handle it. However, I guess this has more to do with the nature of the person handling such events, than the common sense itself. I think a very good thing to ask oneself is: If I were the victim here, how would I've liked the operator to handle the incident ?

If my bank is saying that I will not be able to access my funds for 90 days and that they'll make a "best effort" to return my funds if my balance is above an arbitrary limit, I'll be contacting the CEO, the board of directors, the Banking Ombudsman, ASIC (regulator for financial services licences) and the media within minutes of reading that article and you can guarantee the Ombudsman will be verifying their claims about any reports to law enforcement and any internal investigations (and will ultimately make his findings public).

Banks typically don't publicly disclose the exact nature of intrusions or the amounts lost to their customers for security reasons.  As their deposits are insured and customer access to their funds is rarely affected by such intrusions (on the rare occasions when it is, banks here typically refund any out of pocket costs suffered by their customers such as dishonour fees or penalties charged by other institutions), it's not really a comparable situation.

Thanks you as always for the valuable information.  One last general question (or two):

 - Is it more obnoxious than helpful to use something like Google Translate to transform from English to French?

 - If I wrote extremely terse English statements, is an automated translator reasonably effective?

Thanks,

 - Tom

edit: fix quotes  And re-arrange format while I'm here:

By the way, in the interest of being a little bit more constructive, let me just mention how I would have handled this situation if I were running Instawallet (and were completely innocent.)

Firstly, I would be ultra-sensitive about the appearance of any sort of impropriety given the nature and history of the services operating within the Bitcoin ecosystem.

I would bend over backward to provide as much information as humanly possible.  The very nature of Instawallet means that communications need to happen in public.  It did not take a lot of insight to see that this would be the case in any situations (including hacks), and if I could not handle that I would not have acquired Instwallet, their user-base, and their funds in the first place.

I would have been giving at least daily updates on all of the steps being taken to resolve this crime, and in particular any and all official legal ones.

In situations where I could not give full information because of a risk that it would damage an investigation by providing the adversary with valuable insight were to high, I would state that there was such information and that I would be releasing it under certain stated conditions.

I would also proactively be providing a channel for individuals to feed information directly to investigators without my acting as a gateway in order to further build confidence among the victims.

I would also be proactively describing the technical aspects of how the service operated and by this time would be giving up some information about how the attacker managed to subvert it.  It's not like the service is ever going to come back on-line and I would be giving up IP or anything like that after all.

A certain segment of the community is capable of fairly accurately judging effort to instill 'confidence' and whether they are legitimate and it good will, or whether they are likely part of a 'con'.  I have found that if one simply tells the plain truth, it is nearly impossible to be caught in a lie and eventually an accurate picture emerges.  That is the best outcome for everyone.  Paymium has failed badly here in my opinion.

If I log on and my funds are not accessible, I call the bank.  If they are acting weird and evasive and I suspect them of fraud, you're damn straight I follow up with the investigators.

Is this not something of a no-brainier?

Ok let me try again : monday morning you read on news, your bank get hacked ! Do you call the police or call your bank for a copy of police report ?

One would expect that even in France being the victim of a criminal action would make one 'involved'.


This sentence is not parsing well for me.  Sorry.  But I thank you for your other input.

You need a lawyer and to be involved in the case then you have access at some part of the investigation.

Lose some coins does NOT mean being involved.



Sony lose your CC number, you ask for a police report ?

I greatly appreciate your input on this ~ghdp.  A couple of follow-up questions if I may:


Can a specialist be retained to file a police report for people who cannot or do not wish to do so in person?  If so, what is the formal name of the vocation(s) who could do such a thing?

Can a person with the correct qualifications gain information on the status of a police report (or whatever the thing which Paymium claims to have filed) on my behalf?  If so, what qualifications might be necessary?

Can individuals who have other information about an incident submit it for attachment to an ongoing investigation such as the one referenced by Paymium (or more correctly, by the person calling himself ~boussac on this forum)?  Again, what qualifications might one need to perform such an operation?

Thanks,

 - Tom

I truly appreciate you, ghdp, taking the time to reply. Your answers seem to make sense, thus finding no cause to refute them. Thanks, bud.


A little terse at the onset, but overall I concur with the sentiment expressed.

Time for a recap, methinks.

(1) Police report was posted. Ignore for a moment the circumstances under which it was posted, and the attitude around it, but acknowledge that for a second: we have a scan of a police report. That's what we asked for, that's what we got, now let's shut the hell up about it. (If you have evidence that it's fake, post it, but if not: see previous sentence.)


(2) Paymium needs someone who handles PR/customer contact for them. Boussac might be a brilliant banker and/or business man, but his ability to stay calm in the face of angry customers will be his (and his company's) downfall.

Boussac, for the love of god, trust me on this: a lot of people here (me included) were, and to a degree still are, very favorably inclined to Paymium's services. But the way your company communicated on this forum caused a lot of damage, and there is no point in blaming anyone else for that yourself. Even if you were somehow morally in the right, I'm pretty sure you know that's not how business works. Fix it, or stop blaming others for it.


EDIT: added clarifying sentence in (1)

What an unbelievable fucking child you are Boussac. You were asked for 2 weeks for the police report (probably 50 times). You ignored the question every time. The first 10 times you were asked in a polite, cordial and respectful manner. No response. Then people got unhappy of course. I explained to you repeatedly that your refusal to answer was THE singular reason why Paymium were suspected of being scammers.

Now suddenly 2 weeks later you provide it, on the French forum, without even bothering to mention it here, and then act all hurt that people have been calling you unprofessional and Paymium untrustable.

I have been doing business in the corporate world for over 20 years, and I have NEVER met anyone before who communicates with such arrogance and immaturity as you do. It is beyond pathetic.

Personally I will NEVER do any business with ANY company that you are associated with. Grow the fuck up man.

I can assure you that Paymium took me for a tiny fraction of my BTC.  I don't need someone to ram it all the way home before they annoy me however.  A difference between Americans and Frenchmen perhaps?

I never added any BTC to my Instawallet after the user-base and funds had been purchased by Paymium.  When I put the funds in, they were worth about $100, and I specifically decided to trust ~jav for a variety of reasons which I have yet to regret.  I was delinquent in removing all of the funds, and for that I take full responsibility.

I actually have someone else to thank for issuing a warning about Paymium being pricks not long before they folded.  At that time I move half of the BTC out and/or gave them away.  Not because of the supposed defect which struck me as a non-issue, but simply for reminding me to do something I'd been neglecting.

It is interesting to note that this 'hack' just happened to have happened at that time.  I have to wonder how common my experience was and how many others had started to draw down their net fiat values from Instwallet at about that time.  That is yet another observation which balances deeply on the 'Paymium are crooks' side of the scale when evaluating the hypothesis.

In complete fairness, let me mention one of the few things which argues that Paymium are NOT crooks:  If they had planned all along to stage a hack, they probably would have taken different steps in terms of how they embraced 'Instawallet' in conjunction with their other efforts in anticipation of certain legal eventualities.  That said, there is so much which is suspicious that the 'are crooks' hypothesis remains extremely strong to me.  Unfortunately the actions and behaviors that they have taken since the 'hack' have almost without exception lent strength to the 'are crooks' hypothesis.

If anyone bothers to read all of my posts on this topic, and especially the earlier ones, they will find that I was not of the mindset that Paymium were likely the perpetrators until some distance into this situation, and until significant failures on the part of our friend Monsewer Ballsack.

There is a police report !

Still better than 99% of pseudoscam on BTCland.


You believe a third party for holding your coin, assume and stop trying to blame someone else

I need somebody to explain to me how this French pseudo police report works.

Can it be done online, albeit I do see a handwritten number on the document?

Is it only done in person?

Does the police officer(?) simply take down the information, then sends you on your way?

Do the police(?) immediately send in computer forensics to make sure a false report wasn't issued, assuring clients that an inside job wasn't in play?

Without forensic specialist reviewing the servers, let alone all the computers the company has access to, what would be the purpose of having such agency in the first place?

If no forensics were performed, and these guys continue forward operating a bank, I pity the fools who deposit funds into their enterprise, with or without a guarantee backed by the state, for they already know that they can simply cry dDoS again, seeing that the culprits have ceased their attack.

To re-ask more specifically, when a police report is made, do computer forensics review the servers and their computer to make sure that nothing nefarious is afoot?

Any semi-competent engineer is going to have source code for a system under revision control of some sort.

Any site like Instwallet will have some for of templating such that specific information is generated while generic 'boilerplate' information that everyone sees is coded.

I wish to see the text that all visitors would see since ~davout's re-implementation.  And I wish to see how and when it changed through time and when.