Author

Topic: Please think carefully about your signatures to not get scammed! (Read 757 times)

full member
Activity: 154
Merit: 1000
Fica Tranquilo
Hello,

since i got and gave already alot signatures i want to warn about them. Giving out a signature should be considered. Posting it on the forum even more. Everyone knowing that signature possibly could misuse it and try to convince others that he has control about your address.

For example. You have an address and you give out a signature with only your username inside. Everyone that gets this signature to know could now try to register a very similar username at BCT and could try to convince someone that he owns your bitcoin address. If its on IRC one could even claim that this is proof he is the real one at bitcointalk.

Even worse if you only use a text like "This is my address with my Shares on it.". There is no specific info to you or a certain action involved.

In order to prevent this it would be best to only use very specific signatures. Such that only can be used for one purpose. For example "Trade between UserA and UserB for a Bitfury for x BTC on (date)". You cant really recycle that.

The same goes for someone/companies who wants to get a verification. Ask for a certain message to be coded. Thats the best way that you dont get a recycled signature. So the one asking for a signature has to be careful and the one that gives out a signature.

I mention this only because i often think that many messages that are signed could be recycled. I dont know of cases yet where this was used to scam but its best to have thought about that possibility before its misused.

Greetings!
Sebastian

+1

I agree, always mention specifically why you sign the message and put in a date!

legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
Hello,

since i got and gave already alot signatures i want to warn about them. Giving out a signature should be considered. Posting it on the forum even more. Everyone knowing that signature possibly could misuse it and try to convince others that he has control about your address.

For example. You have an address and you give out a signature with only your username inside. Everyone that gets this signature to know could now try to register a very similar username at BCT and could try to convince someone that he owns your bitcoin address. If its on IRC one could even claim that this is proof he is the real one at bitcointalk.

Even worse if you only use a text like "This is my address with my Shares on it.". There is no specific info to you or a certain action involved.

In order to prevent this it would be best to only use very specific signatures. Such that only can be used for one purpose. For example "Trade between UserA and UserB for a Bitfury for x BTC on (date)". You cant really recycle that.

The same goes for someone/companies who wants to get a verification. Ask for a certain message to be coded. Thats the best way that you dont get a recycled signature. So the one asking for a signature has to be careful and the one that gives out a signature.

I mention this only because i often think that many messages that are signed could be recycled. I dont know of cases yet where this was used to scam but its best to have thought about that possibility before its misused.

Greetings!
Sebastian
Jump to: