I think he deserves the neg trust. As I stated my question was there but was already in a disabled state. So it is far superior then no question at all. Since a hacker would spend all eternity and get no where trying to answer the question.
It was what is the name of my wife's father.
A hacker could have tried every name ever written in the human race and have no answer.
Since I knew I my secret question was disabled but listed I had created a time waster trap for hacker's which this moron fucked up with his clever hacking bs.
So frankly his so called well intended deed fucking helps hackers since they now know security question can be disabled and thus un answerable.
Non sequitur. Nothing that you said indicates that the user deserves negative trust feedback, or speaks to his trustworthiness in any way. Beyond that:
First of all, you are creatively rewriting history. Look back to the beginning of the thread. You were so scared that you had been hacked, you self-quoted from another account to preserve your post.
Zeroth of all, you have now passed beyond the realm of security theatre into
Rube Goldberg style security. Guess what: My Bitcoin wallet has “no [secret] question at all” (of this type). Would it be made “far superior”, if a ridiculously weak insecurity misfeature were added, and then misused in a way that’s less weak? Please advise: I am considering the possibility that I may write my own Bitcoin wallet software.
Reductio ad absurdum, would my wallet “fucking help hackers” by only using poor, weak little
Bitcoin public keys, without a “secret question” insecurity mechanism? Should I draft a BIP to add a consensus feature that lets people somehow add coin recovery questions on the blockchain, if they can leave it blank as you describe? Would that improve Bitcoin’s security to be “far superior” to what it now is?
I think that you and some others still don’t understand that
the whole “secret question” feature is strictly a negative to security, with no security benefits whatsoever. It was originally an account recovery mechanism:
A per-account backdoor to gain access to an account, without knowing the password. As mprep informed us, it was changed in 2015 to be “only” a way to lock an account without the password.
I have no “secret question” set on any of my Bitcoin Forum accounts. My accounts are surely more secure than yours. You still believe that you can nonsensically add security with a misfeature designed to undermine security; that indicates to me that you do not know how to secure an account.
This PM's didn't come from a high-ranked user, a moderator, or from a highly trusted member. In the contrary, it came from a low-ranked member that has only negative feedback on their trust (both given & taken). If what I said is not clear, this user since 2019 has only provided negative feedback to other users, and not a single positive one (+ the negative feedback that have received so far).
Furthermore, there is a warning on their trust feedback page, that "This user's email address was changed recently."
When I first checked his account after this thread began, he had only one received feedback of any kind: willi9974’s negative dated 2022-07-07,
now removed. As of early yesterday, he did not have any negative feedbacks not pertaining to this incident.
I don’t know why you think that sent feedback is relevant. I myself have only rarely sent positive feedback. In my case, that is intentional and well-considered. I have written essays as to why—even posted a policy noting this.
General note: I am extremely conservative in matters of trust. I do not trust easily; and most of all, I do not vouch lightly.
Anyway, I don’t see why you would issue negative feedback partly on the basis that someone does not trust anyone here.
Generally speaking, when someone (with purely good intentions) are contacting me, letting me know of possible security breaches, and providing me with advice and optional solutions to overcome a possible threat, I am thankful.
What happened here is completely different though. I received a PM from a user that I didn't know & never interacted before with. The topic of the PM was "(No subject)" & was sent to "(Undisclosed recipients)", hence not directed explicitly to me (it was not intended for only me, but to unknown recipients)
In the beginning, there was a short introduction about a "potential" forum security issue, and a mention of their achievement that they have already frozen a user account because the user didn't follow their security standards. (ie they took the law into their hands, and executed it accordingly leaving the user with a locked/frozen account -just because they could-, instead of informing a moderator about the situation and letting them handle it in the most appropriate way).
Then, things started getting a bit more interesting. This user demanded me not only to change my security settings but to also report back to them (secretly via PMs) stating how I improved my account security (ie providing them details about my security settings and the way I "improved" them - ie changed them). Not only that, but they also threaten me that if I do not comply and they do not get a reply back from me, they will report me to the board administration "for our all safety"
Hence, in my point of view, someone was sending PM's acting as forum police, making demands and threats, without even having the authority of doing so, having as an excuse a very critical forum security issue (security question in place).
As I indicated in my initial post on this thread, I thought it was clumsy and naïve. I think it’s likely that newalias did not foresee the nature of many people’s reactions. I have seen it before in security contexts: Someone tries to be helpful, in a way that inadvertently incites suspicions—even panic.
Pending investigation, a precautionary negative feedback may
arguably have been warranted. Well, I do not agree with it; but I also don’t think it necessarily shows poor judgment. willi9974’s tag said said he received a suspicious PM. In my opinion, it was hasty; but it was not so unreasonable, in the circumstance.
You and uelque both gave bad security advice in your feedback—as if the “secret question” misfeature were beneficial to security. You both also jumped to conclusions about a malicious hack. In my opinion, that shows poor judgment. I do not want such tags above the fold in my view of trust pages.
greenplastic’s tag was beyond the pale: A string of all-caps profanities, with no explanation. That shows
extremely poor judgment.
I also disagree with your interpretation of the PM’s wording—with how you read it.
But thank you for explaining; I am glad better to understand your thought process. I hope you better understand my own thought process from this post.
For my part: I just saw this thread and thought, “Oh, no. This fellow is about to be mobbed.” I do not know newalias, and could not vouch for his intentions; caution was indicated. But I strongly disagreed with how it seemed that everyone else thus far was jumping to conclusions. It looked to me
more likely than not that he was attempting to improve forum security—maybe going about it in a misguided way, liable to be misunderstood. I have
always detested that stupid “secret question”—thus the strength of my reaction here.