Offsite Contact Liabilities | Bitcointalksearch.org

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: Wardrick on March 28, 2015, 12:17:01 AM

There's a large amount of scams that can occur that wouldn't require a PGP signed message. Most traders do not have their Skype located in one place, they usually give it out in PM and post it around the forums. Unless they wanted to provide a message each time they gave their Skype name out then that wouldn't work (and people would also have to familiarize themselves with PGP). There would have to be a number of rules and guidelines put in place that would have to be followed, which would definitely not happen. Given all this and the condition fake scam attempts will likely occur regularly, it's more convenient and reasonable to just take responsibility for whatever happens on your account.

Well I personally always refer people to my profile whenever someone asks for my Skype, so they would have to see it. I am telling people what precautions they need to take, and that if they cannot verify a PGP signed message then they are not dealing with me (if they are aware they are not dealing with me, then it is their problem and their own fault if they get scammed from someone behind my Skype account).

If you know that a certain instant messaging platform doesn't exactly win awards for security measures, you tell people that you will always give a PGP signed message with payment addresses, and you in fact only give payment addresses that are PGP signed via that platform, then I don't see any reason why someone's incompetence should be rewarded if they actively choose to skip taking certain precautions to protect themselves

Wardrick

legendary

Activity: 1022

Merit: 1000

Quote from: Quickseller on March 28, 2015, 12:02:01 AM

Quote from: Wardrick on March 27, 2015, 11:33:33 PM

Quote from: Quickseller on March 27, 2015, 11:04:06 PM

As a practice, I will never give a payment address via Skype (etc) that is not GPG signed by me. I also have this policy posted on my forum profile, and this has been displayed for a long time. This way when someone either hacks my Skype account or is able to impersonate me via Skype or otherwise, without a PGP signed message with a payment address, it will be the fault of whoever supposedly sent funds to the scammer.

I personally do not trust the security practices of Skype or most email providers as they are not designed to be methods that people do business when one person send money via a way that cannot be reversed

That's correct to give a warning. However, if an account is still being used by you and is under your possession I think whatever happens on it is still your responsibility. Unless the warning would be mandatory to read before receiving your Skype name, but that wouldn't be possible as there's no features to allow it (and it also opens the door to fake scam attempts). It wouldn't stop potential people who you are selling something to you from being scammed either. People who have had business contacts for awhile will get a false sense of security when talking to you and be more likely to just conduct a trade without going through the proper measures, more so with what your warning is stating. There's still many scams that could be pulled off without providing a PGP signed message with a payment address.

I also don't trust the security practices of most instant messaging services or email providers. I've seen countless businesses that conduct business through Skype or other apps that are similar have their accounts hacked and used to scam unsuspecting victims.

From my profile:

Quote

Skype:quick.seller I will never send you a payment address via Skype that is not PGP signed

It is not possible to see/get my Skype address without also seeing my disclosure about needing a PGP signed address.

If someone were to get a PGP signed address that was not signed by my PGP key (or one that does not verify) then it is their own fault for not checking. I have previously gotten payment addresses for a very large transaction whose PGP signature did not verify, and my response was that the person needed to resign the message before I would be willing to send funds to them.

Sure this could open up the possibility to fake scam attempts, however like you said the security for Skype (etc) is not the best and should not be relied upon, so instead of relying on their security, people should rely on the security of PGP.

There's a large amount of scams that can occur that wouldn't require a PGP signed message. Most traders do not have their Skype located in one place, they usually give it out in PM and post it around the forums. Unless they wanted to provide a message each time they gave their Skype name out then that wouldn't work (and people would also have to familiarize themselves with PGP). There would have to be a number of rules and guidelines put in place that would have to be followed, which would definitely not happen. Given all this and the condition fake scam attempts will likely occur regularly, it's more convenient and reasonable to just take responsibility for whatever happens on your account.

botany

legendary

Activity: 1582

Merit: 1064

Quote from: Wardrick on March 27, 2015, 10:49:33 PM

I think its already confirmed that if your bitcointalk account is hacked and used to scam then you are responsible. At least that's what I've always thought and what would be the most reasonable in my opinion. It seems there is some confusion though when using a 3rd party source of communication and it gets hacked and used to scam, people think they aren't responsible. In my opinion you're the one taking the risk and you should be held responsible, not the unsuspecting victim. It also opens the doors to fake scam attempts.

Nope, that is not the case.
Example -Account yussuf89 hacked and used as collateral.

Quote from: theymos on February 22, 2015, 07:58:36 PM

That also doesn't strike me as entirely fair. If nothing can be gotten from the person who actually did the stealing, then the person who lost the stolen item and the person who bought it should somehow split the cost IMO.

Quote from: theymos on February 23, 2015, 02:43:59 PM

I think that marcotheminer should return the account now since it was probably hacked, but everyone should give yussuf89 negative feedback for being unable to stand behind his account's actions unless he pays 50-75% of the loan principle. (This is just my opinion -- I'm not going to try to enforce it.)

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: Wardrick on March 27, 2015, 11:33:33 PM

Quote from: Quickseller on March 27, 2015, 11:04:06 PM

As a practice, I will never give a payment address via Skype (etc) that is not GPG signed by me. I also have this policy posted on my forum profile, and this has been displayed for a long time. This way when someone either hacks my Skype account or is able to impersonate me via Skype or otherwise, without a PGP signed message with a payment address, it will be the fault of whoever supposedly sent funds to the scammer.

I personally do not trust the security practices of Skype or most email providers as they are not designed to be methods that people do business when one person send money via a way that cannot be reversed

That's correct to give a warning. However, if an account is still being used by you and is under your possession I think whatever happens on it is still your responsibility. Unless the warning would be mandatory to read before receiving your Skype name, but that wouldn't be possible as there's no features to allow it (and it also opens the door to fake scam attempts). It wouldn't stop potential people who you are selling something to you from being scammed either. People who have had business contacts for awhile will get a false sense of security when talking to you and be more likely to just conduct a trade without going through the proper measures, more so with what your warning is stating. There's still many scams that could be pulled off without providing a PGP signed message with a payment address.

I also don't trust the security practices of most instant messaging services or email providers. I've seen countless businesses that conduct business through Skype or other apps that are similar have their accounts hacked and used to scam unsuspecting victims.

From my profile:

Quote

Skype:quick.seller I will never send you a payment address via Skype that is not PGP signed

It is not possible to see/get my Skype address without also seeing my disclosure about needing a PGP signed address.

If someone were to get a PGP signed address that was not signed by my PGP key (or one that does not verify) then it is their own fault for not checking. I have previously gotten payment addresses for a very large transaction whose PGP signature did not verify, and my response was that the person needed to resign the message before I would be willing to send funds to them.

Sure this could open up the possibility to fake scam attempts, however like you said the security for Skype (etc) is not the best and should not be relied upon, so instead of relying on their security, people should rely on the security of PGP.

Wardrick

legendary

Activity: 1022

Merit: 1000

Quote from: Quickseller on March 27, 2015, 11:04:06 PM

As a practice, I will never give a payment address via Skype (etc) that is not GPG signed by me. I also have this policy posted on my forum profile, and this has been displayed for a long time. This way when someone either hacks my Skype account or is able to impersonate me via Skype or otherwise, without a PGP signed message with a payment address, it will be the fault of whoever supposedly sent funds to the scammer.

I personally do not trust the security practices of Skype or most email providers as they are not designed to be methods that people do business when one person send money via a way that cannot be reversed

That's correct to give a warning. However, if an account is still being used by you and is under your possession I think whatever happens on it is still your responsibility. Unless the warning would be mandatory to read before receiving your Skype name, but that wouldn't be possible as there's no features to allow it (and it also opens the door to fake scam attempts). It wouldn't stop potential people who you are selling something to you from being scammed either. People who have had business contacts for awhile will get a false sense of security when talking to you and be more likely to just conduct a trade without going through the proper measures, more so with what your warning is stating. There's still many scams that could be pulled off without providing a PGP signed message with a payment address.

I also don't trust the security practices of most instant messaging services or email providers. I've seen countless businesses that conduct business through Skype or other apps that are similar have their accounts hacked and used to scam unsuspecting victims.

Quickseller

copper member

Activity: 2996

Merit: 2374

As a practice, I will never give a payment address via Skype (etc) that is not GPG signed by me. I also have this policy posted on my forum profile, and this has been displayed for a long time. This way when someone either hacks my Skype account or is able to impersonate me via Skype or otherwise, without a PGP signed message with a payment address, it will be the fault of whoever supposedly sent funds to the scammer.

I personally do not trust the security practices of Skype or most email providers as they are not designed to be methods that people do business when one person send money via a way that cannot be reversed

Wardrick

legendary

Activity: 1022

Merit: 1000

I think its already confirmed that if your bitcointalk account is hacked and used to scam then you are responsible. At least that's what I've always thought and what would be the most reasonable in my opinion. It seems there is some confusion though when using a 3rd party source of communication and it gets hacked and used to scam, people think they aren't responsible. In my opinion you're the one taking the risk and you should be held responsible, not the unsuspecting victim. It also opens the doors to fake scam attempts.

botany

legendary

Activity: 1582

Merit: 1064

Quote from: Wardrick on March 25, 2015, 07:49:27 PM

Quote from: Dr-Exchanger on October 10, 2013, 10:29:35 AM

My Skype is Hacked again
Please PM me Here for confirmation before any Deal !
I'm Not Responsible for any Scams Happen Unless You confirm its me by PM
For Security Reasons, I will never use skype once again

Many people use offsite methods of contact to conduct trades, and as you see stuff like above happens. It's actually quite easy to have your Skype account hacked. Dr Exchanger seems to have stopped using Skype (yet he still claims he's not responsible for any scams that occur if you don't confirm it's him), but there are many other people still using it and other forms of offsite contact to conduct trades. For future reference before a large scam occurs, I think it would be a smart idea to determine whether or not you're liable for repaying the victims if you're offsite form of contact is hacked and used to scam (Skype, Email, ICQ, ect.).

I still think these cases would be less prevalent than the number of bitcointalk accounts getting hacked. We should also add what happens when a hacked bitcointalk account is used to scam/borrow/used as collateral.

Wardrick

legendary

Activity: 1022

Merit: 1000

Quote from: Dr-Exchanger on October 10, 2013, 10:29:35 AM

My Skype is Hacked again
Please PM me Here for confirmation before any Deal !
I'm Not Responsible for any Scams Happen Unless You confirm its me by PM
For Security Reasons, I will never use skype once again

Many people use offsite methods of contact to conduct trades, and as you see stuff like above happens. It's actually quite easy to have your Skype account hacked. Dr Exchanger seems to have stopped using Skype (yet he still claims he's not responsible for any scams that occur if you don't confirm it's him), but there are many other people still using it and other forms of offsite contact to conduct trades. For future reference before a large scam occurs, I think it would be a smart idea to determine whether or not you're liable for repaying the victims if you're offsite form of contact is hacked and used to scam (Skype, Email, ICQ, ect.).

Edit: This should also be moved back to Meta as its discussion about the Bitcoin forum and measures that should be set in place to improve the overall security of traders who use 3rd party applications.

Topic: Offsite Contact Liabilities (Read 847 times)