Pages:
Author

Topic: [Payout Updates] Bitcoinica site is taken offline for security investigation - page 6. (Read 156711 times)

member
Activity: 110
Merit: 10
AurumXchange didn't publish any contents from the e-mail address (obviously they didn't know its password), zhou was doing that. And they didn'tBitcoinica LP does not speak for the privacy rights of Zhou Tong, they are his own. If ZT was their concern, they could have easily contacted him privately and learned that his account was compromised before publishing his private information for the world to see.

What private information of Zhou Tong's was published???
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
This is of course, poppycock, the actions of the hacker do not mean that it's open season on Zhou Tong, and Zhou Tong's own discussion of his business to not mean all aspects of it can be revealed to the world.

If I were to hack your e-mail address and use it to commit a crime, that does not mean that the company that hosts it can now publish the contents of the account for the world to see.  You still have an agreement with them no matter what I do to you.

AurumXchange didn't publish any contents from the e-mail address (obviously they didn't know its password), zhou was doing that. And they didn't discuss or reveal all aspects of Zhou's business, only two things: that he had an LR order with them and that he was connected to the e-mail address.

Both of which they had no right to reveal in violation of their privacy policy.  The point is, however, that by the false legal interpretation they are suggesting they COULD HAVE released everything about the account if they wanted to.  This is how you know their interpretation does not make any sense. 

Quote
They were in a tough position and would have much preferred for Bitcoinica LP to initiate some official court proceedings, but that didn't happen so they disclosed it publicly as they said.

Bitcoinica LP does not speak for the privacy rights of Zhou Tong, they are his own. If ZT was their concern, they could have easily contacted him privately and learned that his account was compromised before publishing his private information for the world to see.

legendary
Activity: 826
Merit: 1001
rippleFanatic
This is of course, poppycock, the actions of the hacker do not mean that it's open season on Zhou Tong, and Zhou Tong's own discussion of his business to not mean all aspects of it can be revealed to the world.

If I were to hack your e-mail address and use it to commit a crime, that does not mean that the company that hosts it can now publish the contents of the account for the world to see.  You still have an agreement with them no matter what I do to you.

AurumXchange didn't publish any contents from the e-mail address (obviously they didn't know its password), zhou was doing that. And they didn't discuss or reveal all aspects of Zhou's business, only two things: that he had an LR order with them and that he was connected to the e-mail address. They kept all other aspects of his order private: his singapore bank account, his LR account (zhou was the one who revealed his own LR account), the e-mail address zhou used there, etc.

They were in a tough position and would have much preferred for Bitcoinica LP to initiate some official court proceedings, but that didn't happen so they disclosed it publicly as they said. Maybe they could have given zhou a 12-hour heads up in the case he were a victim, but there was also sufficient reason not to. I'm glad they did, because it did lead to 15k BTC being returned. Hopefully it will be more.

At this point I just really hope he can get the rest of our money back. If not, then I hope zhou reveals Chen Jianhai's personal information (its probably a common name) as he is threatening.

And its really a shame that zhou didn't have offsite backups of the account database. A shame that Bitcoinica Consultancy had an insecure e-mail. A real shame that Patrick Strateman never changed the LastPass password. And a real god-damn shame that he, Donald, and Amir are walking away from Bitcoinica Consultancy LP. Despite their two major fuck-ups, I hope they come back so that Bitcoinica LP is not forced into liquidation "receivership". Customers have already filed their claims and they worked for months sorting the fraudulent claims from the valid ones. At the very least, I hope they turn over their work so far.
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
It's a shame your attempts to spin this seem to be working.  Here is a challenge for a journalist looking at the facts of this matter:  What law states that privacy agreements are invalid  if a user of a site discusses any aspect of their business with a company publicly?

They didn't violate zhoutong's privacy, they violated the hacker's privacy (actually the hacker never had it in the first place since he didn't follow the ToS). Zhou had already stated that he had a $40k LR order with aurumxchange, and they publicly confirmed that. What they also disclosed, along with MtGox, was that the hacker's email address had a connection to zhoutong. That was a fact so its not libel, and its not a violation of privacy since the thief doesn't have privacy protections.

The violator of zhoutong's privacy in this scenario is Chen Jianhai, by means of identity theft. I really hope zhou can get the rest of the stolen funds back, BTC and the USD, and turn them over to Patrick Murk in agreement with Bitcoinica LP. It is in his best interest.

This is of course, poppycock, the actions of the hacker do not mean that it's open season on Zhou Tong, and Zhou Tong's own discussion of his business to not mean all aspects of it can be revealed to the world.

If I were to hack your e-mail address and use it to commit a crime, that does not mean that the company that hosts it can now publish the contents of the account for the world to see.  You still have an agreement with them no matter what I do to you.

They disclosed the hackers details.

No, they released the details of the account a hacker had compromised and was using without authorization.  Again, if I hacked your account and committed a crime with it, should your host be allowed to post the contents of your inbox everywhere?
hero member
Activity: 686
Merit: 500
Wat
It's a shame your attempts to spin this seem to be working.  Here is a challenge for a journalist looking at the facts of this matter:  What law states that privacy agreements are invalid  if a user of a site discusses any aspect of their business with a company publicly?

They didn't violate zhoutong's privacy, they violated the hacker's privacy (actually the hacker never had it in the first place since he didn't follow the ToS). Zhou had already stated that he had a $40k LR order with aurumxchange, and they publicly confirmed that. What they also disclosed, along with MtGox, was that the hacker's email address had a connection to zhoutong. That was a fact so its not libel, and its not a violation of privacy since the thief doesn't have privacy protections.

The violator of zhoutong's privacy in this scenario is Chen Jianhai, by means of identity theft. I really hope zhou can get the rest of the stolen funds back, BTC and the USD, and turn them over to Patrick Murk in agreement with Bitcoinica LP. It is in his best interest.

This is of course, poppycock, the actions of the hacker do not mean that it's open season on Zhou Tong, and Zhou Tong's own discussion of his business to not mean all aspects of it can be revealed to the world.

If I were to hack your e-mail address and use it to commit a crime, that does not mean that the company that hosts it can now publish the contents of the account for the world to see.  You still have an agreement with them no matter what I do to you.

They disclosed the hackers details.
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
It's a shame your attempts to spin this seem to be working.  Here is a challenge for a journalist looking at the facts of this matter:  What law states that privacy agreements are invalid  if a user of a site discusses any aspect of their business with a company publicly?

They didn't violate zhoutong's privacy, they violated the hacker's privacy (actually the hacker never had it in the first place since he didn't follow the ToS). Zhou had already stated that he had a $40k LR order with aurumxchange, and they publicly confirmed that. What they also disclosed, along with MtGox, was that the hacker's email address had a connection to zhoutong. That was a fact so its not libel, and its not a violation of privacy since the thief doesn't have privacy protections.

The violator of zhoutong's privacy in this scenario is Chen Jianhai, by means of identity theft. I really hope zhou can get the rest of the stolen funds back, BTC and the USD, and turn them over to Patrick Murk in agreement with Bitcoinica LP. It is in his best interest.

This is of course, poppycock, the actions of the hacker do not mean that it's open season on Zhou Tong, and Zhou Tong's own discussion of his business to not mean all aspects of it can be revealed to the world.

If I were to hack your e-mail address and use it to commit a crime, that does not mean that the company that hosts it can now publish the contents of the account for the world to see.  You still have an agreement with them no matter what I do to you.
legendary
Activity: 826
Merit: 1001
rippleFanatic
It's a shame your attempts to spin this seem to be working.  Here is a challenge for a journalist looking at the facts of this matter:  What law states that privacy agreements are invalid  if a user of a site discusses any aspect of their business with a company publicly?

They didn't violate zhoutong's privacy, they violated the hacker's privacy (actually the hacker never had it in the first place since he didn't follow the ToS). Zhou had already stated that he had a $40k LR order with aurumxchange, and they publicly confirmed that. What they also disclosed, along with MtGox, was that the hacker's email address had a connection to zhoutong. That was a fact so its not libel, and its not a violation of privacy since the thief doesn't have privacy protections.

The violator of zhoutong's privacy in this scenario is Chen Jianhai, by means of identity theft. I really hope zhou can get the rest of the stolen funds back, BTC and the USD, and turn them over to Patrick Murk in agreement with Bitcoinica LP. It is in his best interest.
hero member
Activity: 868
Merit: 1000
Just browsed through this, as the last pages are a complete shitstorm discussing minutious details that are completely uninteresting.

Seeing as how inefficient most state sponsored investigative units are (unless there's a shitload of money at stake, or some prominent politician is threatened), the community is well served with responsible business owners that use their common sense to fix things.

Theres a lot of yelling about lawyers, suing that or this and so on, but stop yelling, and go to a lawyer if that's the case, and he will take it from there.

We clearly see that the parties involved in the Bitcoinica scandal does not stand up and work in concert to have the clusterfuck fixed, and as so, the adults in the community needs to stand up and work togheter to learn the immature boys proper conduct. Proper conduct is not stealing and/or witholding millions of dollars and huge BTC amounts.

Some of the discussion that goes on here is akin to discuss whether you should turn your computer off or leave it running while your're engulfed in flames in a burning house.

At one point I called the financial crime unit in my country because I had reason to believe a multi-million dollar scam had been going on for years with a certain company ripping customers off non-trivial amounts. The response from the financial crime unit was that this was totally uninteresting ant it's up to the consumers to look after themselves.

Then I called the organization that is looking after the consumers interest, eventually the fact was established that they're totally tooth less, and can't do anything about nothing.

I contacted VISA, Mastercard, registrars etc. All were unwilling to do anything about the case. So in the end, I realized for me, as a consumer, and it wasn't even my money that was lost, but someone elses, and I only tried to help, the fight was not worth fighting. I could've continued fighting it, but there was nothing in it for me. I tried to do some efforts to shut them down so others would not be scammed, but as long as many customers are scammed for small amounts, nobody cares, and esp. not if the company had disguised the scamming such that it's not 'outside the law' while still questionable. The company in question was also incorporated in a jurisdiction were they were incredibly hard to reach.

IF the full amount in the scam concerned was stolen from a state agency, you can be 100% sure that every stone in the country would be turned to find the perpetrators.

So, what I realized is that I need to look after myself and my family, I can't rely on authorities to get help when I need it, but the taxes I still need to pay..

So for the bitcoinica case, lawyering up will only cost a shitload.

I would advise all those involved to figure out how to solve this, and then get to work. It would be incredibly sad if someone actually got killed over this. Even a man who steals millions of dollars should not be killed. (If I felt that way if it was my own money that was stolen, is another matter).

But the point is that there's no point arguing over minute details while millions worth of USD is missing.

All logic dictates that when Zhou Tong at the same time of the hack tries to withdraw an amount equal to that stolen, and an e-mail address associated to him is used along with the 'hack', then it's all reason to be suspicious. I would've acted exactly the same way as aurumexchange in such a case, and if anyone thought I acted illegally or unethical, then bring the lawsuits on, I applaud aurumxchange for hos he acted in this case.

Please hold onto the funds in question, until it's sorted out without a shadow of a doubt that everything is cleared.

And a message for Zhou Thong: You think you're clever, and you love to brag. In fact you're a young man, and you have many years left before you mature as a person, and learn to moderate yourself, if you're involved or not, I sincerely hope this will be sorted out, and if you're involved in stealing other people's money, you should do your best to make it good again, and admit what you did. How would you feel if someone stole a large amount of money from you ?

Sometime the day will come when you can put the hand on your heart and say: "I'm too old to know it all". That's an Oscar Wilde quote btw. And funny thing, many young braggers don't even phantom what it means..
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
It's a shame your attempts to spin this seem to be working.

Perhaps they are working because I am not spinning. I present my case with facts and in a calm manner. You are on a never ending quest for shilling and no critical-thinking individual in this forum takes you seriously at this point.

No see, the non-spin answer is to cite the law instead of personally attacking your critics.  

A journalist after the facts here might also ask you how your company feels about the stalking and threats of criminal activity against Zhou Tong that have occurred in the wake of your violation of his privacy.  They also might ask why, even if you felt your were legally allowed to violate his privacy, you felt the obligation to do so when you could have contracted him privately to learn his account had been compromised and that you would be starting up a lynch mob for no reason if you went public.
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
It's a shame your attempts to spin this seem to be working.  Here is a challenge for a journalist looking at the facts of this matter:  What law states that privacy agreements are invalid  if a user of a site discusses any aspect of their business with a company publicly?
legendary
Activity: 826
Merit: 1001
rippleFanatic
Quote
Aurum Capital Holdings, Incorporated will not sell your personal information or otherwise disclose it to a third party without your consent, except under the following circumstances:

If ordered by a ruling body of competent jurisdiction as recognized by Commonwealth of Dominica law.
If ordered by the issuing bank for our debit cards customers as part of their ongoing Know Your Customer verification procedures.

Quote
(3) A financial institution or person carrying on a scheduled business, shall not notify any person, other than a court, competent authority or other person authorised by law, that information has been requested by or furnished to a court or the Authority.

http://www.imolin.org/doc/amlid/Dominica_MoneyLaundering(Prevention)Act_2000.pdf

AurumXchange didn't reveal your personal information, they only revealed the hacker's e-mail address and liberty reserve account. They confirmed publicly that you had an order with them and the amount of it (not in an email/pm as you requested). Your personal information would be your email address, your singapore bank account, or your physical address, but they didn't reveal any of that.

So they did disclose the hacker's e-mail address and LR account (the bank account was revealed by zhou), first with MtGox and then publicly, when they weren't ordered to do so under either of the two exceptions of the privacy policy. But that doesn't violate their privacy policy, because the policy only applies to users following their Terms of Service. The hacker violated the ToS so he doesn't have those protections.

Quote
By providing us with your personal information, you agree to the collection, storage and use of your personal information by Aurum Capital Holdings Incorporated in the manner set out in this privacy policy and the Terms and Conditions set forth for our services.

The (3) from the Dominican law doesn't apply here, since there was no court or Authority which requested the information.
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
Quote
You gave us implicit consent to make a statement regarding this situation the moment you chose to make the information regarding your dealings with our company public.

There you have it, the AurumXChange privacy policy is that if you ever mention having dealings with them they consider it consent to publish any information they have about your account publicly online.

Account holders better be made aware of this, criticizing them could mean facing serious public backlash if you have admitted you have an account.

Zhou Tong didn't criticize us at any time previous to our statements. Your logic failed, so you resort to manufacturing things to libel.

This is not "our policy". It is the law of the Commonwealth of Dominica, and the law on most, if not all, common-law based countries.


I did not say he did criticize you, there wasn't much reason to prior to your decision to violate his privacy and help start this witch hunt.  However, it is entirely true that you could pull this same routine on someone who did and point to the same false legal interpretation. 
hero member
Activity: 560
Merit: 500
The matter of the fact is, we have never released any personal, sensitive, and/or confidential information regarding Zhou Tong that has not been previously and compulsory disclosed by himself to the public. By making this information public, and by begin the question of why his funds were being withheld on a public forum, we are well within our rights, both from a legal and ethical stand point, to make an statement regarding the situation. I will invite anyone to challenge this under the laws of the Commonwealth of Dominica.

Cordially,
Roberto


Quote
(3) A financial institution or person carrying on a scheduled business, shall not notify any person, other than a court, competent authority or other person authorised by law, that information has been requested by or furnished to a court or the Authority.

http://www.imolin.org/doc/amlid/Dominica_MoneyLaundering(Prevention)Act_2000.pdf


Actually, Zhou, thank you very much for posting this quote:

Quote
Aurum Capital Holdings, Incorporated will not sell your personal information or otherwise disclose it to a third party without your consent, except under the following circumstances:

If ordered by a ruling body of competent jurisdiction as recognized by Commonwealth of Dominica law.
If ordered by the issuing bank for our debit cards customers as part of their ongoing Know Your Customer verification procedures.

You gave us implicit consent to make a statement regarding this situation the moment you chose to make the information regarding your dealings with our company public.

Anybody that feels differently is more than welcome to lodge a complaint with the relevant authorities of court of law. My interest mainly is the rational behind the Bitcoin Magazine article.

Thank you.

First of all, thank you for providing a well reasoned and researched defense. It did appear as if you were violated some TOS because we were not aware of the earlier posts. When you were repeatedly asked about it on the forum, you ignored the question. It appeared to be a clear violation and you must have been asked about a dozen times with no response. It is our shortcoming for not contacting you directly for a comment before publishing the article.

While I had nothing to do with writing the article, I can defend that content at the time it was written.
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
Quote
You gave us implicit consent to make a statement regarding this situation the moment you chose to make the information regarding your dealings with our company public.

There you have it, the unwritten and formerly undisclosed AurumXChange privacy policy is that if you ever mention having dealings with them they consider it consent to publish any information they have about your account publicly online.

Account holders better be made aware of this, criticizing them could mean facing serious public backlash if you have admitted you have an account.
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
 
Quote
He forgone confidentiality when he made this information compulsorily available in a public forum.

Says who?  Not your privacy policy, that's for damn sure.  To be clear, you are agreeing that any time someone discusses their transactions in public you are freed from any responsibility to your privacy policy.  I think you should spell that out for people when they use your service.  Or else, explain which circumstance this is:

-
If ordered by a ruling body of competent jurisdiction as recognized by Commonwealth of Dominica law.
If ordered by the issuing bank for our debit cards customers as part of their ongoing Know Your Customer verification procedures.
-

Who ordered you to release this info?

Quote
I am not interested in entertaining your train of thought, but to obtain a rational explanation from Bitcoin Magazine as to why those accusations were made in the aforementioned article.

It seems like the answer is, because they are factually correct. 
vip
Activity: 490
Merit: 502
The matter of the fact is, we have never released any personal, sensitive, and/or confidential information regarding Zhou Tong that has not been previously and compulsory disclosed by himself to the public. By making this information public, and by begin the question of why his funds were being withheld on a public forum, we are well within our rights, both from a legal and ethical stand point, to make an statement regarding the situation. I will invite anyone to challenge this under the laws of the Commonwealth of Dominica.

Cordially,
Roberto


Quote
(3) A financial institution or person carrying on a scheduled business, shall not notify any person, other than a court, competent authority or other person authorised by law, that information has been requested by or furnished to a court or the Authority.

http://www.imolin.org/doc/amlid/Dominica_MoneyLaundering(Prevention)Act_2000.pdf
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
You publicly revealed the e-mail address that was used, for one.  I note you didn't mention it by name this time and just mentioned "an email address" instead.  You revealed that customer data without giving Zhou a chance to clarify that it had been compromised so as to imply his guilt.  

Also, could you point to the portion of your privacy policy that states than the policy is invalid and you no longer have an obligation to protect information if anyone makes a personal decision to reveal information on their own to others?  Should the rest of your users be concerned that they are waiving their right to have the data held with you kept secure if they ever mention any details of their transactions?

I released the email address used to launder the proceedings of a crime, and NOT the email address used by Zhou Tong on his 40k order. I have also stated that to our understanding, this email address belonged to Zhou Tong, as part of the supporting information as to why his funds were being with held. Again, Zhou Tong beg the question in a PUBLIC forum of why his funds were being withheld, and we offered an answer.

I still need to understand how we broke any confidentiality laws, or our own terms and conditions? The article on the Bitcoin Magazine states, as a fact, that we have breached our terms and conditions without providing any specifics. I am asking for those specifics now.

Could you point to the portion of your privacy agreement where it notes the agreement is invalid when you suspect someone has committed a crime?  Can you violate this agreement with anyone as long as you allege, without conviction or even charges filed, that a crime has occurred?  And again, since you ask about what Zhou said in public, where is the portion of your privacy policy where it is stated that the policy is invalid if you discuss your accounts in public?

It doesn't seem like you are even disputing you violated the privacy of an account holder, you are just making excuses for why that is okay without pointing to where your policy states that.
full member
Activity: 182
Merit: 100
Look upon me, BitcoinTalk, for I...am...Rarity!
You publicly revealed the e-mail address that was used, for one.  I note you didn't mention it by name this time and just mentioned "an email address" instead.  You revealed that customer data without giving Zhou a chance to clarify that it had been compromised so as to imply his guilt.  

Also, could you point to the portion of your privacy policy that states than the policy is invalid and you no longer have an obligation to protect information if anyone makes a personal decision to reveal information on their own to others?  Should the rest of your users be concerned that they are waiving their right to have the data held with you kept secure if they ever mention any details of their transactions?
hero member
Activity: 700
Merit: 500
What doesn't kill you only makes you sicker!
Punished?

You don't feel it's punishing to have the community turn on you and treat you as if you were guilty?

His reputation ruined?

Seems to me it pretty much is.

That's because the wrote the damn system full of fail - he deserves this reputation.

I don't know if you've ever written any software (and I don't assume you haven't) but they're hard to secure. I can't believe for one second you're saying he deserves to be treated as if he's guilty just because he wrote bad code. Other websites have had security issues too, do you mean to say we should treat them all the same way?

We aren't a court, but we can express our opinions here. If I believe that he's a thief and there is evidence to that - noone can stop me from saying it out loud.

You're right. You can shout as loud as you like and that's also why we have defamation laws. If you're wrong and you're taken to court for defamation, I suppose you'll accept the damages, no contest?
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
So under the guise of "investigation" Zhou Tong's entire history with a company can be shared, for by his own actions Zhou Tong has made this forum the venue for the investigation.
Is any operator of any Bitcoin exchange willing to adopt this argument?

Will any of you agree with this statement: "If we suspect you've committed a crime, and you've discussed that issue publicly, our exchange reserves the right to release your account and transaction information to the public on that same forum, to further that discussion and investigation."

Somehow I don't think that there's a financial organization of any kind, exchange, bank, wallet service, or the like, that will publicly agree with that statement. You might want to think about *why* that is. (Hint: That's not what their customers expect, and have a right to expect.)
Pages:
Jump to: