And like that, everything is going through http://images.weserv.nl/
What I see:
101.165.121.91.in-addr.arpa domain name pointer rbx.weserv.nl.
img code example:
https://images.weserv.nl/?url=i.qkme.me/3pvloj.jpg&fnr
Lots of meme pics from different domains for the testing: https://bitcointalksearch.org/topic/bitcoin-memes-90138
Topic: Tracking pixels (split from Mike Hearn's blacklist thread) (Read 3004 times)
I brought this up to theymos over two years ago. I even PM'd him his IP address and a log of every time he viewed his messages. Letting users embed images has this risk.
The solution, used by forums such as vBulletin, is to have users upload their pictures to the forum, sometimes with a login required to view them. This would be nice for me, because daily, dozens of robots hit every file, link, or image I have posted here (along with skript kiddies).
While protecting users, allowing image upload puts the forum software at risk, for the same reason that avatar uploading is disabled.
A (sanitized) illustration: https://bitcointalksearch.org/topic/m.3578415
What's even funnier is that I can just put a php in image tags, now you are immediately logged to a text file:
(
)
Another thread with tracking fun: https://bitcointalksearch.org/topic/m.1490461
The solution, used by forums such as vBulletin, is to have users upload their pictures to the forum, sometimes with a login required to view them. This would be nice for me, because daily, dozens of robots hit every file, link, or image I have posted here (along with skript kiddies).
While protecting users, allowing image upload puts the forum software at risk, for the same reason that avatar uploading is disabled.
A (sanitized) illustration: https://bitcointalksearch.org/topic/m.3578415
What's even funnier is that I can just put a php in image tags, now you are immediately logged to a text file:
(
Another thread with tracking fun: https://bitcointalksearch.org/topic/m.1490461
One of the guys I never trusted, along with TF and a few others
Maybe I'm a medium
Maybe I'm a medium
lucky you
i trusted tf 
Why not?
Because we don't give a fuck? I don't, for sure.
Why not go the reverse route? He used to go into OTC back in the day completely naked. SOmewhere in the last year there is a ip somewhere in Ny.
BCB has posted nothing since this. It will be interesting to see if he ever posts again, or if he retires that sockpuppet.
http://www.rawstory.com/rs/2011/02/18/revealed-air-force-ordered-software-to-manage-army-of-fake-virtual-people/
He's back after all, posting as if nothing happened:http://www.rawstory.com/rs/2011/02/18/revealed-air-force-ordered-software-to-manage-army-of-fake-virtual-people/
https://bitcointalksearch.org/topic/m.3664200
BCB has always been very suspicious to me, too.
I had those MP exchanges with BCB:
And he never replied.
But thanks to my custom trust list (and tysat
), this guy appears as red to me, now.
I had those MP exchanges with BCB:
Yes, Pyrex. I'm afraid he's been hacked or sold, sorry.
Check the loan post I linked to you, it's really fishy.
Asks for a 2h loan of 5BTC, offering an IPhone 5 as collateral (for a 2 hours loan
), then 4 hours after, when he supposedly didn't need the loan anyone, accepts one for 1 BTC, for no reason, just talking about a mysterious investment, and repays 115% after 2 hours.
After that, a shill appeared out of the blue, rooting for him. The shill is most likely a bought/sold account, too.
Well, just read up the posts I linked, and make your own mind!
Check the loan post I linked to you, it's really fishy.
Asks for a 2h loan of 5BTC, offering an IPhone 5 as collateral (for a 2 hours loan
), then 4 hours after, when he supposedly didn't need the loan anyone, accepts one for 1 BTC, for no reason, just talking about a mysterious investment, and repays 115% after 2 hours.After that, a shill appeared out of the blue, rooting for him. The shill is most likely a bought/sold account, too.
Well, just read up the posts I linked, and make your own mind!
And he never replied.
But thanks to my custom trust list (and tysat
), this guy appears as red to me, now.Pyrex is most likely a hacked/sold account, I went through his post history and it was VERY different. I'm so glad I got my 1.15BTC back, I could've been scammed easily. When I said I wouldn't loan him 5 BTC he replied with "fuck you", so I'd assume he was hacked, although before that I contacted BCB who said he had verified with him that the account was NOT hacked or sold. I questioned it, but went with it. Seems it was most likely a fake too, and I wouldn't be surprised. As someone above said, of some people who I thought would scam, most seem to acually turn out scamming.
BCB has always been very suspicious to me, too.
I had those MP exchanges with BCB:
And he never replied.
But thanks to my custom trust list (and tysat), this guy appears as red to me, now.
I had those MP exchanges with BCB:
Yes, Pyrex. I'm afraid he's been hacked or sold, sorry.
Check the loan post I linked to you, it's really fishy.
Asks for a 2h loan of 5BTC, offering an IPhone 5 as collateral (for a 2 hours loan), then 4 hours after, when he supposedly didn't need the loan anyone, accepts one for 1 BTC, for no reason, just talking about a mysterious investment, and repays 115% after 2 hours.
After that, a shill appeared out of the blue, rooting for him. The shill is most likely a bought/sold account, too.
Well, just read up the posts I linked, and make your own mind!
Check the loan post I linked to you, it's really fishy.
Asks for a 2h loan of 5BTC, offering an IPhone 5 as collateral (for a 2 hours loan
), then 4 hours after, when he supposedly didn't need the loan anyone, accepts one for 1 BTC, for no reason, just talking about a mysterious investment, and repays 115% after 2 hours.After that, a shill appeared out of the blue, rooting for him. The shill is most likely a bought/sold account, too.
Well, just read up the posts I linked, and make your own mind!
And he never replied.
But thanks to my custom trust list (and tysat
), this guy appears as red to me, now.
One of the guys I never trusted, along with TF and a few others
Maybe I'm a medium
Maybe I'm a medium
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
hmm...
hmm indeed. The BF should be onto this like a ton of bricks.
http://www.rawstory.com/rs/2011/02/18/revealed-air-force-ordered-software-to-manage-army-of-fake-virtual-people/
A tracking pixel gets outed. It bears observation that fundamentally any post with in BitcoinTalk with an embedded picture from a domain under your control, or for which you can review server logs, will show the IP address of anyone browsing it. Those browsing IPs addresses have a higher than average likelihood of having a bitcoin wallet on the machine, and present a target list for the would be attacker.
Good security has many layers.
Typically the attacker will get the IP of one's router. But many routers will be running UPnP (so that Bitcoin can function correctly) so it seems possible that a variety of network devices could be exploited. At least as a starting point to further targeted attacks.
http://www.computerworld.com/s/article/9236298/UPnP_flaws_expose_tens_of_millions_of_networked_devices_to_remote_attacks_researchers_say
I really only ran bitcoind in good-citizen mode when I could run it on my router (which was home made.) Setting up an appropriate port-forward from my now standard router would be safe enough that I would do it, but now the bandwidth is to great since I am on a satellite connection.
I'd never keep a significant sized hot wallet anywhere, and definitely not on an active full node. There are simply to many security unknowns for my taste these days.
Oh ya. And fuck BCB. Unsurprisingly he was a shill for the BF (Buncha Fascists) IIRC.
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
hmm...
hmm indeed. The BF should be onto this like a ton of bricks.
http://www.rawstory.com/rs/2011/02/18/revealed-air-force-ordered-software-to-manage-army-of-fake-virtual-people/
A tracking pixel gets outed. It bears observation that fundamentally any post with in BitcoinTalk with an embedded picture from a domain under your control, or for which you can review server logs, will show the IP address of anyone browsing it. Those browsing IPs addresses have a higher than average likelihood of having a bitcoin wallet on the machine, and present a target list for the would be attacker.
Good security has many layers.
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
hmm...
hmm indeed. The BF should be onto this like a ton of bricks.
http://www.rawstory.com/rs/2011/02/18/revealed-air-force-ordered-software-to-manage-army-of-fake-virtual-people/
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
hmm...
hmm indeed. The BF should be onto this like a ton of bricks.
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
BCB, you're going to have to answer for this. Care to explain?
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
BCB, you're going to have to answer for this. Care to explain?
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Really looking forward to when Bitcoin Identity Protocol will allow us to BAN THESE TROLLS AND SHILLS
In the meantime, everyone please ignore this disgrace of a human being that runs the BCB account. Disgusting.
Again you are giving the foundation too much power.
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke
Well, ain't that nice. Tracking pixels... noting every IP address that views his post.
Why am I not too surprised?
Jump to: