Topic: [Payout Updates] Bitcoinica site is taken offline for security investigation - page 6. (Read 156653 times)

Both of which were already public information at that point, Zhou Tong having published himself that he had a $40k LR transaction blocked with AurumXchange on this very forum, and the fact that the email is linked to Zhou is something that didn't come from AurumXchange's protected files, but from different bitcoiners stepping up during the investigation saying they recognize this email.

What private information of Zhou Tong's was published???

Both of which they had no right to reveal in violation of their privacy policy.  The point is, however, that by the false legal interpretation they are suggesting they COULD HAVE released everything about the account if they wanted to.  This is how you know their interpretation does not make any sense. 


Bitcoinica LP does not speak for the privacy rights of Zhou Tong, they are his own. If ZT was their concern, they could have easily contacted him privately and learned that his account was compromised before publishing his private information for the world to see.

AurumXchange didn't publish any contents from the e-mail address (obviously they didn't know its password), zhou was doing that. And they didn't discuss or reveal all aspects of Zhou's business, only two things: that he had an LR order with them and that he was connected to the e-mail address. They kept all other aspects of his order private: his singapore bank account, his LR account (zhou was the one who revealed his own LR account), the e-mail address zhou used there, etc.

They were in a tough position and would have much preferred for Bitcoinica LP to initiate some official court proceedings, but that didn't happen so they disclosed it publicly as they said. Maybe they could have given zhou a 12-hour heads up in the case he were a victim, but there was also sufficient reason not to. I'm glad they did, because it did lead to 15k BTC being returned. Hopefully it will be more.

At this point I just really hope he can get the rest of our money back. If not, then I hope zhou reveals Chen Jianhai's personal information (its probably a common name) as he is threatening.

And its really a shame that zhou didn't have offsite backups of the account database. A shame that Bitcoinica Consultancy had an insecure e-mail. A real shame that Patrick Strateman never changed the LastPass password. And a real god-damn shame that he, Donald, and Amir are walking away from Bitcoinica Consultancy LP. Despite their two major fuck-ups, I hope they come back so that Bitcoinica LP is not forced into liquidation "receivership". Customers have already filed their claims and they worked for months sorting the fraudulent claims from the valid ones. At the very least, I hope they turn over their work so far.

No, they released the details of the account a hacker had compromised and was using without authorization.  Again, if I hacked your account and committed a crime with it, should your host be allowed to post the contents of your inbox everywhere?

They disclosed the hackers details.

This is of course, poppycock, the actions of the hacker do not mean that it's open season on Zhou Tong, and Zhou Tong's own discussion of his business to not mean all aspects of it can be revealed to the world.

If I were to hack your e-mail address and use it to commit a crime, that does not mean that the company that hosts it can now publish the contents of the account for the world to see.  You still have an agreement with them no matter what I do to you.

They didn't violate zhoutong's privacy, they violated the hacker's privacy (actually the hacker never had it in the first place since he didn't follow the ToS). Zhou had already stated that he had a $40k LR order with aurumxchange, and they publicly confirmed that. What they also disclosed, along with MtGox, was that the hacker's email address had a connection to zhoutong. That was a fact so its not libel, and its not a violation of privacy since the thief doesn't have privacy protections.

The violator of zhoutong's privacy in this scenario is Chen Jianhai, by means of identity theft. I really hope zhou can get the rest of the stolen funds back, BTC and the USD, and turn them over to Patrick Murk in agreement with Bitcoinica LP. It is in his best interest.

Just browsed through this, as the last pages are a complete shitstorm discussing minutious details that are completely uninteresting.

Seeing as how inefficient most state sponsored investigative units are (unless there's a shitload of money at stake, or some prominent politician is threatened), the community is well served with responsible business owners that use their common sense to fix things.

Theres a lot of yelling about lawyers, suing that or this and so on, but stop yelling, and go to a lawyer if that's the case, and he will take it from there.

We clearly see that the parties involved in the Bitcoinica scandal does not stand up and work in concert to have the clusterfuck fixed, and as so, the adults in the community needs to stand up and work togheter to learn the immature boys proper conduct. Proper conduct is not stealing and/or witholding millions of dollars and huge BTC amounts.

Some of the discussion that goes on here is akin to discuss whether you should turn your computer off or leave it running while your're engulfed in flames in a burning house.

At one point I called the financial crime unit in my country because I had reason to believe a multi-million dollar scam had been going on for years with a certain company ripping customers off non-trivial amounts. The response from the financial crime unit was that this was totally uninteresting ant it's up to the consumers to look after themselves.

Then I called the organization that is looking after the consumers interest, eventually the fact was established that they're totally tooth less, and can't do anything about nothing.

I contacted VISA, Mastercard, registrars etc. All were unwilling to do anything about the case. So in the end, I realized for me, as a consumer, and it wasn't even my money that was lost, but someone elses, and I only tried to help, the fight was not worth fighting. I could've continued fighting it, but there was nothing in it for me. I tried to do some efforts to shut them down so others would not be scammed, but as long as many customers are scammed for small amounts, nobody cares, and esp. not if the company had disguised the scamming such that it's not 'outside the law' while still questionable. The company in question was also incorporated in a jurisdiction were they were incredibly hard to reach.

IF the full amount in the scam concerned was stolen from a state agency, you can be 100% sure that every stone in the country would be turned to find the perpetrators.

So, what I realized is that I need to look after myself and my family, I can't rely on authorities to get help when I need it, but the taxes I still need to pay..

So for the bitcoinica case, lawyering up will only cost a shitload.

I would advise all those involved to figure out how to solve this, and then get to work. It would be incredibly sad if someone actually got killed over this. Even a man who steals millions of dollars should not be killed. (If I felt that way if it was my own money that was stolen, is another matter).

But the point is that there's no point arguing over minute details while millions worth of USD is missing.

All logic dictates that when Zhou Tong at the same time of the hack tries to withdraw an amount equal to that stolen, and an e-mail address associated to him is used along with the 'hack', then it's all reason to be suspicious. I would've acted exactly the same way as aurumexchange in such a case, and if anyone thought I acted illegally or unethical, then bring the lawsuits on, I applaud aurumxchange for hos he acted in this case.

Please hold onto the funds in question, until it's sorted out without a shadow of a doubt that everything is cleared.

And a message for Zhou Thong: You think you're clever, and you love to brag. In fact you're a young man, and you have many years left before you mature as a person, and learn to moderate yourself, if you're involved or not, I sincerely hope this will be sorted out, and if you're involved in stealing other people's money, you should do your best to make it good again, and admit what you did. How would you feel if someone stole a large amount of money from you ?

Sometime the day will come when you can put the hand on your heart and say: "I'm too old to know it all". That's an Oscar Wilde quote btw. And funny thing, many young braggers don't even phantom what it means..

No see, the non-spin answer is to cite the law instead of personally attacking your critics.  

A journalist after the facts here might also ask you how your company feels about the stalking and threats of criminal activity against Zhou Tong that have occurred in the wake of your violation of his privacy.  They also might ask why, even if you felt your were legally allowed to violate his privacy, you felt the obligation to do so when you could have contracted him privately to learn his account had been compromised and that you would be starting up a lynch mob for no reason if you went public.

It's a shame your attempts to spin this seem to be working.  Here is a challenge for a journalist looking at the facts of this matter:  What law states that privacy agreements are invalid  if a user of a site discusses any aspect of their business with a company publicly?

AurumXchange didn't reveal your personal information, they only revealed the hacker's e-mail address and liberty reserve account. They confirmed publicly that you had an order with them and the amount of it (not in an email/pm as you requested). Your personal information would be your email address, your singapore bank account, or your physical address, but they didn't reveal any of that.

So they did disclose the hacker's e-mail address and LR account (the bank account was revealed by zhou), first with MtGox and then publicly, when they weren't ordered to do so under either of the two exceptions of the privacy policy. But that doesn't violate their privacy policy, because the policy only applies to users following their Terms of Service. The hacker violated the ToS so he doesn't have those protections.


The (3) from the Dominican law doesn't apply here, since there was no court or Authority which requested the information.

I did not say he did criticize you, there wasn't much reason to prior to your decision to violate his privacy and help start this witch hunt.  However, it is entirely true that you could pull this same routine on someone who did and point to the same false legal interpretation. 

First of all, thank you for providing a well reasoned and researched defense. It did appear as if you were violated some TOS because we were not aware of the earlier posts. When you were repeatedly asked about it on the forum, you ignored the question. It appeared to be a clear violation and you must have been asked about a dozen times with no response. It is our shortcoming for not contacting you directly for a comment before publishing the article.

While I had nothing to do with writing the article, I can defend that content at the time it was written.

There you have it, the unwritten and formerly undisclosed AurumXChange privacy policy is that if you ever mention having dealings with them they consider it consent to publish any information they have about your account publicly online.

Account holders better be made aware of this, criticizing them could mean facing serious public backlash if you have admitted you have an account.

 
Says who?  Not your privacy policy, that's for damn sure.  To be clear, you are agreeing that any time someone discusses their transactions in public you are freed from any responsibility to your privacy policy.  I think you should spell that out for people when they use your service.  Or else, explain which circumstance this is:

-
If ordered by a ruling body of competent jurisdiction as recognized by Commonwealth of Dominica law.
If ordered by the issuing bank for our debit cards customers as part of their ongoing Know Your Customer verification procedures.
-

Who ordered you to release this info?


It seems like the answer is, because they are factually correct. 

http://www.imolin.org/doc/amlid/Dominica_MoneyLaundering(Prevention)Act_2000.pdf

Could you point to the portion of your privacy agreement where it notes the agreement is invalid when you suspect someone has committed a crime?  Can you violate this agreement with anyone as long as you allege, without conviction or even charges filed, that a crime has occurred?  And again, since you ask about what Zhou said in public, where is the portion of your privacy policy where it is stated that the policy is invalid if you discuss your accounts in public?

It doesn't seem like you are even disputing you violated the privacy of an account holder, you are just making excuses for why that is okay without pointing to where your policy states that.

You publicly revealed the e-mail address that was used, for one.  I note you didn't mention it by name this time and just mentioned "an email address" instead.  You revealed that customer data without giving Zhou a chance to clarify that it had been compromised so as to imply his guilt.  

Also, could you point to the portion of your privacy policy that states than the policy is invalid and you no longer have an obligation to protect information if anyone makes a personal decision to reveal information on their own to others?  Should the rest of your users be concerned that they are waiving their right to have the data held with you kept secure if they ever mention any details of their transactions?

You don't feel it's punishing to have the community turn on you and treat you as if you were guilty?


Seems to me it pretty much is.


I don't know if you've ever written any software (and I don't assume you haven't) but they're hard to secure. I can't believe for one second you're saying he deserves to be treated as if he's guilty just because he wrote bad code. Other websites have had security issues too, do you mean to say we should treat them all the same way?


You're right. You can shout as loud as you like and that's also why we have defamation laws. If you're wrong and you're taken to court for defamation, I suppose you'll accept the damages, no contest?