Pages:
Author

Topic: MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info - page 7. (Read 28778 times)

full member
Activity: 210
Merit: 100
It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalksearch.org/topic/please-delete-131574 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.


We?  Who the fuck is We? You? lol.

"We will see what we can do" as in Piuk and I together, idiot.
legendary
Activity: 1358
Merit: 1003
Ron Gross
tl;dr:  Use a decentralized client, rather than a centralized web service.


What are some other options, besides the downlaodable one?

You mean downloadable ones, right?

http://bitcoin.org/clients.html
legendary
Activity: 1358
Merit: 1003
Ron Gross
tl;dr:  Use a decentralized client, rather than a centralized web service.


That's not the correct tl;dr.

Blockchain.info is a vital part of Bitcoin as it stands today - it's such a great boost to introduce new users.

All other clients are nowhere near it on pure usability.
Yes, you compromise some security/anonymity ... but it's a tradeoff users need to make.
newbie
Activity: 40
Merit: 0
tl;dr:  Use a decentralized client, rather than a centralized web service.


What are some other options, besides the downlaodable one?
legendary
Activity: 1596
Merit: 1100
tl;dr:  Use a decentralized client, rather than a centralized web service.
full member
Activity: 238
Merit: 100
IANAL, and I may have missed something, and I don't mean to put myself on the either parties site, but have blockchain.info not violated the UK's Data Protection Act?
blockchain.info is hosted in the UK (according to whois), and private information (phone number) has been disclosed from the blockchain.info database.
legendary
Activity: 1358
Merit: 1003
Ron Gross
A technical questions:

So what if an address is a SHA 256? How does that remove any lookup ability? To lookup by address, just hash it and look up the hash. It removes the ability to lookup, per given wallet ID, what addresses it owns - not the other way around.

You'll find that Piuk has already answered this question.  The address is hashed with a secret key.  Without the secret key, you can't generate the right hash to look up:

. . . Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address . . .

Thanks, these were a long couple of threads, didn't follow them both till the end.
sr. member
Activity: 276
Merit: 251
full member
Activity: 126
Merit: 100
I'm kinda new here, but why on earth does blockchain.info give other individuals access to the admin cp?
Who else has access to this?
That is rather disturbing.
Can I get admin access? Cheesy
In fact i don't think it would be a bad idea if anyone could draw attention to a revolutionary new currency it would be through honesesty and openness..
newbie
Activity: 40
Merit: 0
Looks like the damage was already done.
legendary
Activity: 3472
Merit: 4801
I'm kinda new here, but why on earth does blockchain.info give other individuals access to the admin cp?
Who else has access to this?
That is rather disturbing.
Can I get admin access? Cheesy

This has already been answered and addressed:

Why is even possible?
Wallet are stored fully encrypted, so they appear as random text to us. However when notifications are enabled the client extracts the public keys from a wallet and asks blockchain.info to subscribe to those addresses. The ability too lookup a wallet using this information was added so that when newbies come to us and say "I just created a bitcoin wallet, but forgot to record the wallet identifier how can get I get my money back?" we can ask for their bitcoin address or ip and and are normally able to recover the identifier.

Why does Roger have access to the blockchain admin panel
He owns a minority stake in the company and helps with support. His funding has been tremendously helpful in allowing me to work on the Site full time, buy new servers, security hardware and fund free features.

Who else has access to this information?
Me, Roger and a customer support agent.

What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

Can blockchain.info access funds the funds in my blockchain wallet?
No, the information available gives only enough information to prove the user may own a wallet with that address. He could not have accesses the wallet, even if he had wanted to. No other individuals have access to the blockchain.info servers or code apart from me.
newbie
Activity: 40
Merit: 0
I'm kinda new here, but why on earth does blockchain.info give other individuals access to the admin cp?
Who else has access to this?
That is rather disturbing.
Can I get admin access? Cheesy
legendary
Activity: 3472
Merit: 4801
A technical questions:

So what if an address is a SHA 256? How does that remove any lookup ability? To lookup by address, just hash it and look up the hash. It removes the ability to lookup, per given wallet ID, what addresses it owns - not the other way around.

You'll find that Piuk has already answered this question.  The address is hashed with a secret key.  Without the secret key, you can't generate the right hash to look up:

. . . Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address . . .
newbie
Activity: 44
Merit: 0
What was achieved today?

Quite a few things:

My question was in relation to posting of customer information - most of your points weren't achieved specifically due to customer information being posted or could have been achieved in a variety of other, less damaging ways.  The remaining achievements don't seem - to me at least - to be worth the probable damage done.  ...and this is without even discussing the possible impact on innocent people when posting information that you don't know for sure is the scammer, legal implications of releasing info, etc.

Scamming isn't new - it is just different with Bitcoin.  There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere, so why should a Bitcoin business trying to project a positive, professional image of Bitcoin resort to public shaming as the solution to their scamming?
legendary
Activity: 1358
Merit: 1003
Ron Gross
What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

piuk, +10 for swiftly dealing with this.

A technical questions:

So what if an address is a SHA 256? How does that remove any lookup ability? To lookup by address, just hash it and look up the hash. It removes the ability to lookup, per given wallet ID, what addresses it owns - not the other way around.
legendary
Activity: 1680
Merit: 1035
So much bullshit over a guy doing private detective work to get his company's money back.
And violating the terms of a privacy statement in the process.

Luckily, one of those things has now been fixed.
legendary
Activity: 3472
Merit: 4801
. . . Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website . . .
Hashing it would not prevent looking it up . . .
I don't believe I requested hashing of anything.
Shut the fuck up . .  .

Huh

You quoted me saying nothing about hashing, and responded to my quote by stating that hashing wouldn't prevent looking up information.

Where is this hostility coming from?
legendary
Activity: 3472
Merit: 4801
So much bullshit over a guy doing private detective work to get his company's money back.
And violating the terms of a privacy statement in the process.
Pages:
Jump to: