Topic: MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info - page 12. (Read 28775 times)

I agree, which is why I have posted about the violation of blockchain.info's privacy policy.  This does fall under a reasonable definition of dishonesty, right?

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  They could not know in advance that MemoryDealers would abuse the access allowed them as an employee.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.

you cant be serious. I personally wish everyone would always post all information publicly about any and all fraud/dishonesty. It would help to lessen the need for the use of violence in resolving disputes.

He was given access to this information because I was getting bogged down in support tickets and Roger kindly offered to help with some of them. Requests to recover lost identifiers are one of the most common queries. At the time it had not occurred to me that there could be a conflict of interest. In the blockchain.info thread I posted that a minority stake in the site had been sold, but did not specifically mention the admin panel.


Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address.

I'm sure this is just a lack of comprehension on my part, but what would prevent someone from calculating the SHA256 of a bitcoin address on their own, and using that to look up the wallet? Does the SHA256 include a secret key as well as the address, to prevent others from calculating the hash?

Roger,

I hope you have learned from this situation. You should thank the guy who possibly has been dishonest with you, because it served as an example to improve the services that you have participation.

Piuk, hope you learned too. Thanks

Edit: My post edited in light of the new info surfacing. Didn't know Roger did support at blockchain.info.

Piuk,

I am trying hard to trust you and your business.  For now I will take you at your word.  Please don't make me regret that action.

If you can assure me that nobody from bitcoinstore.com (including Roger) will have access to look up user's personal information (by bitcoin address, email address, SMS number, IP address, or any other method)

Then this satisfies my request that blockchain.info:

Immediately sever all relationships with other businesses, removing admin access from anyone who would use that access to benefit their other business.

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  They could not know in advance that MemoryDealers would abuse the access allowed them as an employee.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.

A+ response piuk - this is the kind of professionalism Bitcoin businesses need to be exhibiting if the Bitcoin community and Bitcoin businesses want to be taken seriously by those outside of the community.

Is this the company I'm thinking of or is it someone else?

+1.

The difference between how Blockchain and MemoryDealers handled the problem is like night and day.

Blockchain immediately recognized a problem and swiftly corrected it without histrionics or drama.

Thanks for the quick response and action, this is good to see.

Thank you

Good show. Quick, reasonable and effective countermeasures.

EDIT: As you are now the sole person that has access to the site's full features, please remember to store admin login credentials with a lawyer in case you get hit by a bus.

I support too, but they need to learn from their mistakes and be honest on their business.

What happened
I do not know the sepcifics but there was some disagreement between Roger and a customer of bitcoinstore.com. The customer claimed not to own a particular bitcoin address that a incorrect amount had been refunded to. Roger used his access to the blockchain.info admin panel to lookup the information on a wallet which held that bitcoin address. This email address associated with the wallet and the email address of the customer matched.

Why is even possible?
Wallet are stored fully encrypted, so they appear as random text to us. However when notifications are enabled the client extracts the public keys from a wallet and asks blockchain.info to subscribe to those addresses. The ability too lookup a wallet using this information was added so that when newbies come to us and say "I just created a bitcoin wallet, but forgot to record the wallet identifier how can get I get my money back?" we can ask for their bitcoin address or ip and and are normally able to recover the identifier.

Screenshot of Admin Panel:



Why does Roger have access to the blockchain admin panel
He owns a minority stake in the company and helps with support. His funding has been tremendously helpful in allowing me to work on the Site full time, buy new servers, security hardware and fund free features.

Who else has access to this information?
Me, Roger and a customer support agent.

What has been changed

• Roger and the support agent's access to this information has been revoked.
• Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
• The secret phrase is now no longer shown to any admins

What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.

A wallet can be looked up by SMS number or email if that information has been added in [Account Settings].

Can blockchain.info access funds the funds in my blockchain wallet?
No, the information available gives only enough information to prove the user may own a wallet with that address. He could not have accesses the wallet, even if he had wanted to. No other individuals have access to the blockchain.info servers or code apart from me.

Maybe this talks good about Roger. Who, besides making mistakes from time to time, has an extensive history for supporting and developing Bitcoin worldwide. Trolls in this thread all summed up, have done less than 0.001% that Roger made in the benefit of the community.

And blockchain.info service and features are awesome. I support both Roger and blockchain.

Yes, when a partial owner of a business acts in a manner that damages the reputation of the business, it affects the reputation of all the stakeholders in the business.  This is why it is important to be careful about who you get involved in business with.

The main problem here is that now it's also hard to trust Piuk ...

So, blockchain.info gives out admin access to co-owners ? What would they need this access for ? Wouldn't RV be considered a 'share-holder'. Is it the norm to give 'share-holders' the key to were the business operates?