Pages:
Author

Topic: MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info - page 8. (Read 28775 times)

full member
Activity: 126
Merit: 100
It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalksearch.org/topic/please-delete-131574 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.


We?  Who the fuck is We? You? lol.
full member
Activity: 210
Merit: 100

I'm not sure I see it the same way.

Roger at best made an error in judgment, something I or anybody else could do on account of being human.  The activities he engages in to promote Bitcoin paint a much clearer picture of where his interests lie.

For example, everybody knows that the biggest weakness of a "Casascius Coin" is the fact that "Casascius" could know the private key.  The answer isn't "push Casascius out",

Well, of course you couldn't be pushed out, but if you started acting in a devious, unprofessional and untrustworthy way, then no one should buy your coins.

There's an element of trust in every commercial transaction, not just with Bitcoin. Obviously some involve more trust than others, but no matter what, I never do business with untrustworthy people, no matter how secure the system.
sr. member
Activity: 434
Merit: 250
So much bullshit over a guy doing private detective work to get his company's money back.
hero member
Activity: 504
Merit: 500
WTF???
. . .

Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:

https://blockchain.info/wallet/anonymity

. . .

The only shock was that another business managed to access this information, and that has been addressed appropriately.
Hashing it would not prevent looking it up if programmed that way. But would prevent it from being plaintext in the database. You can't hash the email or the sms because you use those to send notices.
I don't believe I requested hashing of anything.

Shut the fuck up. I didn't say you did. I'm asking for IP's to be hashed as well, and they can still be looked up problematically.
legendary
Activity: 1680
Merit: 1035
What was achieved today?

Quite a few things:

1) Blockchain.info identified a possible software security issue and patched it
2) Blockchain.info identified a situation that may cause a conflict of interest, and resolved it.
3) The community as a whole was made aware of the issues that may arise from conflicts of interest, poorly worded TOS, and public sharing of information.
4) People and business owners got to discuss and brainstorm how to deal with these situations, and have made their own conclusions along with differing alterations to their TOS. Specifically regarding how to deal with private information, whether to share info on suspected scammers amongst other businesses, etc.
5) We got rid of at least one dishonest person. Whether he is a scammer or not (I don't think think he was), what he did want right, and Roger got 100% conclusive evidence of that (blockchain.info's anonymizing addresses are NOT one-time use like the guy claimed).
5a) We maybe have sent out a warning to others that you're not as safe as you think you are, and your specific country's laws may not protect you, so it's best to start maintaining a clean reputation record now.
legendary
Activity: 1372
Merit: 1008
1davout
I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?
Just wait for someone to tell Apple blockchain.info is a Bitcoin wallet that can send coins and not simply a "transaction viewer", it'll get pulled in the next ten minutes.
legendary
Activity: 873
Merit: 1000
Roger at best made an error in judgment, something I or anybody else could do on account of being human.

like this?

I value privacy.  My sharing of this was with much reluctance.
https://bitcointalksearch.org/topic/m.1186888
legendary
Activity: 3472
Merit: 4801
. . . What was achieved today? . . .
At least, blockchain.info has improved their security by removing access from an individual who would otherwise abuse that access when they are frustrated with a customer of their other businesses.

At best, other businesses are hopefully looking into who has access to the information in their databases and making sure that they limit that access appropriately to prevent getting caught up in similar conflict of interest situations in the future.

This is no small thing.  Had there not been this "uproar", Roger would still have inappropriate access to that data and could leverage that access against other customers in the future, and other businesses wouldn't have had this "wake up call" to give them an opportunity to review who has access to their data.
full member
Activity: 182
Merit: 100
WOW .... Roger Ver single handily  tarnished his reputation and the reputation of BlockChain.info for some 4.x BTC ... INCREDIBLE!

I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?

Would you trust your personal information to BitInstant after we have seen what Roger is capable of doing with it? I would not.
And you're an absolutely perfect angel?

No I'm just an angel ... Cheesy and ... WHAT???
legendary
Activity: 1400
Merit: 1005
WOW .... Roger Ver single handily  tarnished his reputation and the reputation of BlockChain.info for some 4.x BTC ... INCREDIBLE!

I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?

Would you trust your personal information to BitInstant after we have seen what Roger is capable of doing with it? I would not.
And you're an absolutely perfect angel?
legendary
Activity: 1400
Merit: 1005
I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

I'm not sure I see it the same way.

Roger at best made an error in judgment, something I or anybody else could do on account of being human.  The activities he engages in to promote Bitcoin paint a much clearer picture of where his interests lie.

For example, everybody knows that the biggest weakness of a "Casascius Coin" is the fact that "Casascius" could know the private key.  The answer isn't "push Casascius out", rather, the answer may very well be in the form of bringing affordable two-factor physical bitcoins so the trust footprint can be reduced.  That's what will benefit Bitcoin in the long run.

The best thing for Blockchain.info would be to recognize where its soft spots are, and actively work to harden them.  Personal information stored on Blockchain a problem?  What's better, push Roger out due to public outcry, or release something that makes it more the default to not store personal information on their servers?  The second is by far a better long term solution, something Roger would almost certainly agree with, as I can't imagine his involvement and investment is just so he can chase down 4 BTC accidentally sent to his customer.


It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence trolling and hate on the part of the owner of Memory Dealers, Roger Ver trolls and haters which did nothing for the community. This https://bitcointalksearch.org/topic/please-delete-131574 behavior; publicly displaying the details of a private individual scammer and labeling them a criminal would at best seem morally dubious and at worst defamatory a mistake driven by anger.


FTFY

I'm afraid I have no idea what this: "trolls and haters which did nothing for the community" means in the context of my statement. I get the distinct impression that neither do you.

I'm afraid you understand perfectly, so do I. Blockchain is a superb service, second to none. Roger has an extensive, historic, work towards the success of bitcoin. Who are the trolls posting here (including you), and what did they give to the community ?
I completely agree with the both of you.

Roger did indeed abuse his access to blockchain.info's admin side, but it's the sort of not-so-obvious mistake that many of us could make.  He had access to the data he needed, why not use it?  At least, that's the mindset he was in at the time.  And he never released any of the private information to the public until the scammer himself did.

He has been a key player in the move to get more people using Bitcoin.  He can learn from his mistake and continue on, a better businessman because of it.  Let's not throw the baby out with the bathwater.
full member
Activity: 182
Merit: 100
WOW .... Roger Ver single handily  tarnished his reputation and the reputation of BlockChain.info for some 4.x BTC ... INCREDIBLE!

I wonder how long will Apple take to take down the IOS app for blockchain.info after they learn about their lax security practices and abuses?

Would you trust your personal information to BitInstant after we have seen what Roger is capable of doing with it? I would not.
newbie
Activity: 44
Merit: 0
tThe negative image others try to pin on Bitcoin is not that it's only being about scams. The negative image is that Bitcoin is full of scams, and that we either don't ever do anything about it, or run to the police contrary to our free-market beliefs. Regardless of whether asking police for help is hypocritical or not, it is simply not effective on a global scale Bitcoin operates on. So the only solutions we have are 1) whine about it and keep getting scammed, 2) go to the police who ignore us, and keep getting scammed, or 3) live up to the "horrible free-market" ideals we get ridiculed for, and actually take care of the scamming ourselves.

We tried 1 and 2

What was achieved today?

No one was successful in guilting the scammer into returning the money - they still have it.  The scammer had their personal information posted publicly on the internet, so now they have a personal vendetta against Bitcoinstore and Bitcoin in general - they'll probably be back to troll Roger and post all over the place about how Bitcoin businesses post your private information which will scare newbies.  The scammer wasn't even really a scammer - just a coward who decided to not do the right thing, but is now an active agent against Bitcoin.

Bitcoinstore is still out $60.  They'll probably have fewer transactions than they would have from legit customers due to the FUD of what exactly their privacy policy is and whether or not they can be trusted.  They also unfortunately look less professional and petty for breaking their own privacy policy over a $60 mistake.

Blockchain.info and other businesses got roped into the same FUD.

Have we prevented any future scamming from happening from this guy?  Probably not - the original scammer wasn't ever really a scammer, so the chances of them having tried something in the future were unlikely to begin with.  Their personal info is now public (assuming everything was actually theirs) if they did try to scam in the future, but all they need to do is sign up for a free email address and start using their friend's name & street address in the future.

Have we scared other scammers from trying stuff in the future?  Probably not - if anything the publicity just emphasizes some of the issues that Bitcoin businesses are wrestling with and is more likely to attract more scammers trying to exploit these issues.

Does the public see the Bitcoin community "cracking down" on scammers and getting the problem under control?  Nothing was achieved, so I would doubt it.
legendary
Activity: 3472
Merit: 4801
. . .

Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:

https://blockchain.info/wallet/anonymity

. . .

The only shock was that another business managed to access this information, and that has been addressed appropriately.
Hashing it would not prevent looking it up if programmed that way. But would prevent it from being plaintext in the database. You can't hash the email or the sms because you use those to send notices.
I don't believe I requested hashing of anything.
hero member
Activity: 504
Merit: 500
WTF???
What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.
. . .This was a shock to many people that you save this kind of information when previously it was said that no tracking information was kept.
Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:

https://blockchain.info/wallet/anonymity

Quote
. . . When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key). . .
. . . We log the internet IP address a wallet was created with and the ip the wallet was last updated with . . .

The only shock was that another business managed to access this information, and that has been addressed appropriately.


Hashing it would not prevent looking it up if programmed that way. But would prevent it from being plaintext in the database. You can't hash the email or the sms because you use those to send notices.
legendary
Activity: 3472
Merit: 4801
What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.
. . .This was a shock to many people that you save this kind of information when previously it was said that no tracking information was kept.
Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:

https://blockchain.info/wallet/anonymity

Quote
. . . When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key). . .
. . . We log the internet IP address a wallet was created with and the ip the wallet was last updated with . . .

The only shock was that another business managed to access this information, and that has been addressed appropriately.
legendary
Activity: 1099
Merit: 1000
It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence trolling and hate on the part of the owner of Memory Dealers, Roger Ver trolls and haters which did nothing for the community. This https://bitcointalksearch.org/topic/please-delete-131574 behavior; publicly displaying the details of a private individual scammer and labeling them a criminal would at best seem morally dubious and at worst defamatory a mistake driven by anger.


FTFY

I'm afraid I have no idea what this: "trolls and haters which did nothing for the community" means in the context of my statement. I get the distinct impression that neither do you.

I'm afraid you understand perfectly, so do I. Blockchain is a superb service, second to none. Roger has an extensive, historic, work towards the success of bitcoin. Who are the trolls posting here (including you), and what did they give to the community ?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

I'm not sure I see it the same way.

Roger at best made an error in judgment, something I or anybody else could do on account of being human.  The activities he engages in to promote Bitcoin paint a much clearer picture of where his interests lie.

For example, everybody knows that the biggest weakness of a "Casascius Coin" is the fact that "Casascius" could know the private key.  The answer isn't "push Casascius out", rather, the answer may very well be in the form of bringing affordable two-factor physical bitcoins so the trust footprint can be reduced.  That's what will benefit Bitcoin in the long run.

The best thing for Blockchain.info would be to recognize where its soft spots are, and actively work to harden them.  Personal information stored on Blockchain a problem?  What's better, push Roger out due to public outcry, or release something that makes it more the default to not store personal information on their servers?  The second is by far a better long term solution, something Roger would almost certainly agree with, as I can't imagine his involvement and investment is just so he can chase down 4 BTC accidentally sent to his customer.
hero member
Activity: 504
Merit: 500
WTF???
What has been changed
  • Roger and the support agent's access to this information has been revoked.
  • Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
  • The secret phrase is now no longer shown to any admins

What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.

Would you consider hashing the IP addresses for privacy? With a secret key, you could easily verify previous access as the creating IP address or the most recent address but could shield privacy further. This was a shock to many people that you save this kind of information when previously it was said that no tracking information was kept.
full member
Activity: 210
Merit: 100
It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalksearch.org/topic/please-delete-131574 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.

Pages:
Jump to: