Topic: Is Theymos anonymous? - page 3. (Read 7366 times)

Hey Goat! What's today's reason for being butthurt?

Nobody said OP's question was invalid, he's just looking for answers in the wrong places, namely this forum.
My suggestion would be to skip the forum's trust system altogether and use bitcoin-otc.com which is much simpler and straightforward and doesn't have the bizarre concept of "default trust".

I think some of you are misinterpreting my statement, which is understandable because it wasn't too clear. By "I have a pretty decent idea of what it takes to run a site using someone else's forum software" I meant that I had a sense of the resources it takes to do so, not that I'm familiar with the day to day technical process. I know people who run forums, I know roughly how much they spend on them, and I know how good their forums are. I know that bitcointalk doesn't look like a forum with 600k in funding.

You have correctly identified that I know almost nothing about XSS. I wasn't relying on my technical experience to give credibility to my XSS concerns. I pointed out my background to call bullshit on the idea that someone was spending $600k on this forum. Theymos basically confirmed that by saying that the 600k hasn't been spent.

No you misunderstand the trust system, yeah we get it, we don't have to trust anyone or use any list, but the fact is at some point you have to use the list that the majority of the group uses. So you have these default list, which the majority of the new users use, while old users are not forced to use, now have too. I used satoshi as a my default for a while then people were leaving me bad feedback and FALSE feedback and I had then switch to monitor that. Which is still something not fixed.

I trusted him not to abuse his power. Mostly because he had much to lose and almost nothing to gain by doing so, not because I thought that he was particularly ethical. And I was right: he didn't abuse his power in any noticeable way.

No. That's not how the Trust system works. There's a reason why trust lists and trust ratings are separate. You can trust that someone is not a scammer but not trust them to have a good trust list, and vice-versa. Listing someone in your trust list indicates only that you like their ratings and/or trust list in some way (defined by you). With the default trust system, my goal is to maximize the number of default-trusted ratings while minimizing the number of incorrect ratings (especially negative ones). There haven't been any major failures in this area.

There actually isn't a way to vouch for someone in the trust system if you use it properly. There are only trust events which are interpreted by users, and trust list relationships which are mostly unrelated to real trust. This is why I kept my positive trust rating of TF even though my overall trust in him has diminished. My personal history with TF has not changed. My trust in him has diminished, but only because of how I am interpreting other trust events. My own history/rating is still relevant to the full picture of TF's trustworthiness in my mind, and it may still be relevant to others.

Your misunderstanding of how the trust system works is one reason why you are not in DefaultTrust.

No. The damage someone in DefaultTrust can do is very limited, so a lot of trust isn't required. I've actually long been suspicious of TradeFortress because he was holding too much BTC, CoinLenders looked like a HYIP, and I've heard some suspicious rumors about him. But I thought that he was very unlikely to go totally crazy with trust. (And he didn't.)

He was on DefaultTrust because his trust list was good. There were only a few problems that ever resulted from his list, but he brought many good people into the trust network. He also seemed to understand the trust system more than anyone else, and he paid the most attention to trust activity across the trust system.

yeah, Theymos, would you mind telling us the reason Tradefortress was on the default trust list? My speculation was that he had "disclosed security flaws in a responsible manner" as your feedback for him said, but was that the reason or was there another reason?

Ask anyone on the default trust list (or any of the moderators) how well they know me... I don't need to be friends with people to identify them as good moderators or trust-list-builders.

Where'd you get that impression? I defended his Ripple-related actions once, and my opinion of that case hasn't changed. But I barely know him.

I'm not a sociable guy. There are few people in the Bitcoin community who I have any sort of casual relationship with. AFAIK, I've met a grand total of two forum users AFK.


It's provable via the block chain that that money hasn't been spent, and I don't even hold a lot of that money.

Your question seems to imply that I'd have some way of knowing. I don't. I do know that money does strange things to people, so the correct course of action is to avoid the problem altogether by ensuring your very own safety.

You'd want the benefits of being your own bank without having your own bank to protect?

It's not an either/or. Would you not care if theymos was using people's bctalk passwords to try to crack the web wallet passwords of newbs, as long as it didn't affect you?

Sale/purchase of forum accounts is openly permitted, hence the indirect rape.
Just don't trust the forum.



Stick to development, you're not ready for management.
If there was a magical open source silver bullet it'd be used already. Otherwise it has to be tailor-made, see previous post.



Everyone is responsible for their own safety, knowing that nobody will ever bail you out, or protect you is a much saner mindset than the "let's protect dumb people from their own stupidity and incompetence" fantasy.



What?

...right.

Anyways, theymos is asking SMF for an exception so the forum's modifications can be audited. so you can audit with to your heart's content.

Being indirectly raped by theymos still sounds suboptimal.


I've been a professional software developer for almost 10 years, I have a pretty decent idea of what it takes to run a site using someone else's forum software.



I'm not asking about my own security. You guys are acting like it's not legitimate to care whether owners of this forum are contributing to newbs and dumb people being stolen from.

Excellent fine, bud. I just found one of Gavin Andresen: http://www.youtube.com/watch?v=vtkflEaeGjo

Obviously not, but at least you have a realistic assessment here. It's just that XSS doesn't work that way.



That is true, dumb people will get raped, probably not by theymos though. Or at least not directly.



TF looks like he's been sloppy, probably not malicious though. But that's just my opinion.



I think there are far more plausible explanations the one you're suggesting.



You seem to assume that transforming money into working software is easy and frictionless. It just isn't, managing an IT project is a full-time job.



You shouldn't need to trust him if you use a different password for all sites you care about and if you assume no PM privacy.
Bottom line, if your security depends on trusting theymos I suggest you review your security instead of looking for reasons to trust him.

Not quite. I'm just wondering how sure we are that Theymos is not the kind of person to try to actively take advantage of the stupidity of people who use his forum.

So, you want to trust theymos to protect people from their own stupidity? Did I got that right?

I'm not a security expert, but if Theymos did want to be untrustworthy, it seems like he's in a better position to do harm than a lot of people:

-Bitcointalk uses Javascript. It is well known that a lot of members here will be on bitcointalk and on their favorite web wallet site at the same time. There may be some XSS opportunity here, though as I said I'm not an expert.

-There are some small % of newb/dumb bitcointalk forum members who probably use a similar password on bitcointalk and on their favorite web wallet. It seems possible that Theymos could somehow get access to people's bitcointalk passwords if he wanted, giving him or his friends a huge password cracking advantage over a random person.

A few small bits of info that I found mildly concerning, and caused me to be curious about Theymos:

-Theymos seems to have been a defender/supporter of TradeFortress. It's possible that they are friends, but I'm not sure. The circumstances around 1 million dollars disappearing from TradeFortress's inputs.io business suggest that TradeFortress may be very shady.

-There are a lot of people on reddit who pop up with stories about how funds were stolen from their hot wallets because they didn't have 2-factor authentication, and they describe having pretty complex passwords. It's somewhat of a mystery how their passwords are being cracked.

-The fact that Theymos allegedly raised like $600k for this forum, yet the forum is not that good technically, is sort of weird and makes me wonder how much of that was actually spent on the forum.

I'm not saying we should suspect Theymos of any nefarious activities, but the above is just why I care more about Theymos's trust level than I care about a random user's.

 

And why do you need to trust him that much, may I ask?