Author

Topic: suggestion: Ask for a BTC address upon registration (Read 677 times)

legendary
Activity: 2814
Merit: 2472
https://JetCash.com
I joined Bitcoin talk to find out about Bitcoin, and to seek advice on which wallet to use. It also took some time to sort myself out, and to get something to put in the wallet. Smiley
legendary
Activity: 2016
Merit: 1107
its a good idea for those who are already familiar with bitcoin
but what if a person is a complete and total newb?
this would discourage and limit the audience of the forum and you would be throwing the baby with the bath water doing so
legendary
Activity: 1092
Merit: 1000
nahtnam.com
A lot of the time, private keys will get stolen contemptuously with an account getting hacked so this won’t necessarily solve anything.

Also, the administration will look at a lot more than the signed message when considering to recover an account.

Such as what?

If someone delivers couple of signed messages with a couple of BTC addresses posted here, what other proof could you need? If that doesn't cut it then nothing would.

Like I said, most people getting their accounts stolen is due their emails getting hacked. Getting your private keys stolen is much harder if you are keeping them safe.
The admins will check to make sure the person making the request is the same person who owns the account. The forum does not broker account sales, but will not knowingly help a scammer recover an account they have sold. The admins will review the geo-location, ISP, browser, OS, etc., of the person who is believed to own the account verses the person who is making the password reset request.

I don't think geo-location, ISP, browser, OS, etc is relevant in 2017. Most people use Tor or VPN to access this website, hopefully with javascript off too because you don't want to get hacked by some scammer sending you a PM that has a javascript exploit of sorts which would get your IP, or a simple image hosted by an attacker that opens itself in a PM and reveals your IP could do it. It's just dump to visit a bitcoin forum without some protection. So both good people and bad people are using these things.

Theymos specifically asks for BTC signed messages because it's the only 100% guaranteed way to prove you own the account (getting email, account and entire BTC wallet hacked is too unlikely specially for people that has been here for years, so Hero Members and up)

BTC signed messages are the only way to securely verify someone without giving away personal information. If someone owns your private keys, they essentially own your bitcoin talk. But at that point, if someone has your private keys you have way bigger problems.
member
Activity: 94
Merit: 10
I don't think geo-location, ISP, browser, OS, etc is relevant in 2017. Most people use Tor or VPN to access this website,

People use Tor and VPN but forget to change their User-Agent and screen resolution. They don't realize how unique that fingerprint is. Then they wonder how their alts get linked by forums and websites.
hero member
Activity: 672
Merit: 503
A lot of the time, private keys will get stolen contemptuously with an account getting hacked so this won’t necessarily solve anything.

Also, the administration will look at a lot more than the signed message when considering to recover an account.

Such as what?

If someone delivers couple of signed messages with a couple of BTC addresses posted here, what other proof could you need? If that doesn't cut it then nothing would.

Like I said, most people getting their accounts stolen is due their emails getting hacked. Getting your private keys stolen is much harder if you are keeping them safe.
The admins will check to make sure the person making the request is the same person who owns the account. The forum does not broker account sales, but will not knowingly help a scammer recover an account they have sold. The admins will review the geo-location, ISP, browser, OS, etc., of the person who is believed to own the account verses the person who is making the password reset request.

I don't think geo-location, ISP, browser, OS, etc is relevant in 2017. Most people use Tor or VPN to access this website, hopefully with javascript off too because you don't want to get hacked by some scammer sending you a PM that has a javascript exploit of sorts which would get your IP, or a simple image hosted by an attacker that opens itself in a PM and reveals your IP could do it. It's just dump to visit a bitcoin forum without some protection. So both good people and bad people are using these things.

Theymos specifically asks for BTC signed messages because it's the only 100% guaranteed way to prove you own the account (getting email, account and entire BTC wallet hacked is too unlikely specially for people that has been here for years, so Hero Members and up)
copper member
Activity: 2996
Merit: 2374
A lot of the time, private keys will get stolen contemptuously with an account getting hacked so this won’t necessarily solve anything.

Also, the administration will look at a lot more than the signed message when considering to recover an account.

Such as what?

If someone delivers couple of signed messages with a couple of BTC addresses posted here, what other proof could you need? If that doesn't cut it then nothing would.

Like I said, most people getting their accounts stolen is due their emails getting hacked. Getting your private keys stolen is much harder if you are keeping them safe.
The admins will check to make sure the person making the request is the same person who owns the account. The forum does not broker account sales, but will not knowingly help a scammer recover an account they have sold. The admins will review the geo-location, ISP, browser, OS, etc., of the person who is believed to own the account verses the person who is making the password reset request.
hero member
Activity: 672
Merit: 503
A lot of the time, private keys will get stolen contemptuously with an account getting hacked so this won’t necessarily solve anything.

Also, the administration will look at a lot more than the signed message when considering to recover an account.

Such as what?

If someone delivers couple of signed messages with a couple of BTC addresses posted here, what other proof could you need? If that doesn't cut it then nothing would.

Like I said, most people getting their accounts stolen is due their emails getting hacked. Getting your private keys stolen is much harder if you are keeping them safe.
full member
Activity: 260
Merit: 129
I agree with you. I lost email accessto my previous account, and I'm in touch with admin to get it back because I can claim BITCOIN address on unedited post... It's legit because I had a high security with my wallet and not with my mail address.
legendary
Activity: 2968
Merit: 3061
Join the world-leading crypto sportsbook NOW!
A lot of the posts on here are questions on how to get started, and they will not know how to properly create and secure a bitcoin address. Also I tend to switch wallets pretty often so I would also have trouble verifying my own account if I were to lose access.

Not just that, but a lot of newbs who sign up here know little to nothing about bitcoin and the various functions of it and will use web wallets or exchanges where it's not even possible to sign a message from. Theymos likely isn't going to implement many new changes on this forum but on the new software there will be several two factor authentication methods, but good like trying to get newbies to use them. Another option would be suggesting they post a PGP message  that can be verified but again, this will be difficult for newbies to work out.

Can admins see the history of any changes in the "Bitcoin address:" thing on "Profile"?

No, not currently, but I've suggested they be logged on the new forum to aid in recovery.
copper member
Activity: 2996
Merit: 2374
A lot of the time, private keys will get stolen contemptuously with an account getting hacked so this won’t necessarily solve anything.

Also, the administration will look at a lot more than the signed message when considering to recover an account.
hero member
Activity: 840
Merit: 502
It sounds like a good idea, BUT...
Mostly newbies who register on bitcointalk are new in this world. Some of them even don't have bitcoin wallet at time of registration, others are using wallets which don't have ability of signing a message, so there is no point to use such wallet address for registration. And even many more experienced users don't have idea how to sign a message. And these who knows how to do it can use thread made for staking wallet address.
Maybe a good solution could be that when you reach the rank of member on the forum you receive an automated PM that says that you should include a bitcoin address to your profile, to reach the rank of member you need to be active in the community for at least two months and that is long enough for people to understand they need to secure their accounts.
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
It sounds like a good idea, BUT...
Mostly newbies who register on bitcointalk are new in this world. Some of them even don't have bitcoin wallet at time of registration, others are using wallets which don't have ability of signing a message, so there is no point to use such wallet address for registration. And even many more experienced users don't have idea how to sign a message. And these who knows how to do it can use thread made for staking wallet address.
legendary
Activity: 1092
Merit: 1000
nahtnam.com
A lot of the posts on here are questions on how to get started, and they will not know how to properly create and secure a bitcoin address. Also I tend to switch wallets pretty often so I would also have trouble verifying my own account if I were to lose access.
hero member
Activity: 672
Merit: 503
Since a few days we have already got an excellent solution against hacking accounts. When email  is changed, a link is sent to previous email and we can lock our account during two weeks. The same happens on password change and we can see already good results. In this way we are also able to change email if email account  is lost.

This implies that you didn't get your email account hacked/lost too. Sometimes people register in forum with email addresses that they don't usually use, only created exclusively to register at a particular place. This could lead to your email being expired due not login in in 6 amount of time, which could lead to not being able to recover your account.

If you also got a BTC address, you could get better chances at recovering it than any other method (assuming that the admins don't take 2 years to check your evidence..) so I don't see how the registration process should at least recommend users to enter a BTC address in case you get hacked.
hero member
Activity: 909
Merit: 508
Since a few days we have already got an excellent solution against hacking accounts. When email  is changed, a link is sent to previous email and we can lock our account during two weeks. The same happens on password change and we can see already good results. In this way we are also able to change email, if email account  is lost.
hero member
Activity: 588
Merit: 541
You could do that but people using a new address for every transaction couldn't use this option to their advantage mate, you could generate a vanity

Address with your forum user name, lower and upper case, then sign a message when you got hacked.
hero member
Activity: 1358
Merit: 834
This shouldn't really be such a big problem. If changing passwords was not possible without e-mail confirmation we wouldn't even need to stake Bitcoin addresses, which can easily be lost when not used for a while.
hero member
Activity: 1330
Merit: 569
Given that more and more people keep losing their account and the only 100% certain verification that a new account can claim to own an older account is if the older account got an unedited, quoted or locked BTC address somewhere... why not ask for a BTC address during registration?

Most people learn about BTC addresses being an useful way to verify your ownership when it's too late, so it comes down to luck if you posted your BTC address somewhere or not, so it should just be a part of the registration process, or at least make it optional and clearly say that if you don't add a BTC address it may be a problem if you get hacked.

Can admins see the history of any changes in the "Bitcoin address:" thing on "Profile"?


You have made a valid point and its something to be considered because cases of hacking have been targeted at high ranking account and the forum is equally doing more to ensure this is addressed to a large extent.

However, the issue I see with your suggestion is at the point of registration, a lot of people don't even know what a wallet is all about like my own case and its not even about owning an address alone but be able to sign from it which we all know as a newbie the only address you get exposed to are web wallets with limited options to use. But its still an idea to fine tuned to come with a better alternative.
hero member
Activity: 909
Merit: 508
Given that more and more people keep losing their account and the only 100% certain verification that a new account can claim to own an older account is if the older account got an unedited, quoted or locked BTC address somewhere... why not ask for a BTC address during registration?

Most people learn about BTC addresses being an useful way to verify your ownership when it's too late, so it comes down to luck if you posted your BTC address somewhere or not, so it should just be a part of the registration process, or at least make it optional and clearly say that if you don't add a BTC address it may be a problem if you get hacked.

Can admins see the history of any changes in the "Bitcoin address:" thing on "Profile"?

No, I think, the probability for newbie of loosing wallet or using wallet, which doesn't provide private key for signing message is much higher than to not posting any wallet address in forum. So this should be explained at registration. But who is really interested in bitcointalkforum will learn fast, that wallet address, from which signed message can be sent, should be posted and staked.
hero member
Activity: 672
Merit: 503
Given that more and more people keep losing their account and the only 100% certain verification that a new account can claim to own an older account is if the older account got an unedited, quoted or locked BTC address somewhere... why not ask for a BTC address during registration?

Most people learn about BTC addresses being an useful way to verify your ownership when it's too late, so it comes down to luck if you posted your BTC address somewhere or not, so it should just be a part of the registration process, or at least make it optional and clearly say that if you don't add a BTC address it may be a problem if you get hacked.

Can admins see the history of any changes in the "Bitcoin address:" thing on "Profile"?
Jump to: