Bitcoin Forum>Other>Meta
Author

Topic: what is my mistake? (Read 367 times)

mprep
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
what is my mistake?
March 12, 2018, 05:44:38 PM
#15
Quote from: EthanB on March 11, 2018, 10:45:56 PM
Quote from: mprep on March 11, 2018, 07:02:59 PM
Quote from: theymos on March 02, 2014, 07:45:09 PM
Typically, the only acceptable method of proving ownership is by signing a message (including current date and desired new email address) using a Bitcoin address or PGP key associated with the account.

While other global moderators might accept a message signed with an ETH address as proof, I'm not going to until I get an explicit acknowledgement from theymos. Technically, all account recovery should be done by admins but since simple security locks don't require an email changed, any global mod can do it. As for whether they're accepted by the admins as proof for a recovery of a hacked account, that's something you're going to have to ask them.

AFAIK both signing and verifying messages is as easy as for Bitcoin addresses. As for security, it's probably on par with Bitcoin though I haven't really dived into Ethereum's technical side to be 100% sure.

That post from theymos was from before Ethereum existed, so given that the security is (probably) on par with bitcoin's message signing and private keys then I would imagine theymos wouldn't have a problem with this. I was looking for more of an explicit statement that excluded Ethereum addresses being used in this manner. I've read that post many times, and while I do see your point about it not being explicitly stated that anything other than Bitcoin addresses can be signed, I hope you will reconsider or at least query theymos about this issue for the sake of clarity if nothing else. There is no other information regarding this? It seems strange that some staff would operate one way and some of you would operate another on a matter of account recovery policy. That seems a rather important issue to be uniform/consistent on.

Have you attempted to ask theymos about this yet?
Nothing's stopping theymos from updating the thread to include ETH, LTC or whichever altcoin he wants. In fact, the thread was last edited on October 25th, 2017 (hover over the post's date) which means he has nothing against updating it when procedures change. As for asking him, since this technically isn't even my responsibility and I'm still waiting on an unrelated request I've PMed him about a couple of days ago, I'll leave it to the user in question to convince theymos to add additional account recovery methods.

The reason certain global mods handle account recovery differently is because we're doing so unofficially (there isn't any forum policy requiring us to handle such requests nor is there anything prohibiting us from doing so) and only for a small subset of these requests (non hacked locked out accounts).
EthanB
sr. member
Activity: 462
Merit: 336
Re: what is my mistake?
March 11, 2018, 10:45:56 PM
#14
Quote from: mprep on March 11, 2018, 07:02:59 PM
Quote from: theymos on March 02, 2014, 07:45:09 PM
Typically, the only acceptable method of proving ownership is by signing a message (including current date and desired new email address) using a Bitcoin address or PGP key associated with the account.

While other global moderators might accept a message signed with an ETH address as proof, I'm not going to until I get an explicit acknowledgement from theymos. Technically, all account recovery should be done by admins but since simple security locks don't require an email changed, any global mod can do it. As for whether they're accepted by the admins as proof for a recovery of a hacked account, that's something you're going to have to ask them.

AFAIK both signing and verifying messages is as easy as for Bitcoin addresses. As for security, it's probably on par with Bitcoin though I haven't really dived into Ethereum's technical side to be 100% sure.

That post from theymos was from before Ethereum existed, so given that the security is (probably) on par with bitcoin's message signing and private keys then I would imagine theymos wouldn't have a problem with this. I was looking for more of an explicit statement that excluded Ethereum addresses being used in this manner. I've read that post many times, and while I do see your point about it not being explicitly stated that anything other than Bitcoin addresses can be signed, I hope you will reconsider or at least query theymos about this issue for the sake of clarity if nothing else. There is no other information regarding this? It seems strange that some staff would operate one way and some of you would operate another on a matter of account recovery policy. That seems a rather important issue to be uniform/consistent on.

Have you attempted to ask theymos about this yet?
Quickseller
copper member
Activity: 2996
Merit: 2374
Re: what is my mistake?
March 11, 2018, 09:35:23 PM
#13
It is fair enough to want explicit permission to use an ETH signed message considering the written instructions. However there is no reason why, upon request for clarification, signed messages from major altcoins, when it is clear which altcoin the address was associated with shouldn’t be allowed to be used.

Many people come here to learn about both bitcoin and altcoins and for one reason or another only post the address of a major altcoin. To think that a signed message associated with a major altcoin is insufficient to prove your identity when dealing with a Bitcointalk account is just ridiculous. It is one thing to say the person verifying the message doesn’t have a client to verify the message, but if they have the means to verify the message, there is no reason why it shouldn’t be accepted.
mprep
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
Re: what is my mistake?
March 11, 2018, 09:20:48 PM
#12
Quote from: teddy5145 on March 11, 2018, 08:01:57 PM
But, in OP's case he never posted a Bitcoin address, from surfing through his post history all I did see is that he only ever posted two ETH addresses.
Any possibilities for you to make an exception? If not OP's account can be considered gone without any Bitcoin address to make a signed messages.
Creating ETH signed message are the same as creating Bitcoin Signed message, user need to be in possession of their ETH private key before signing a message, so theoretically it should be as safe as Bitcoin signed message.


Quote from: mprep on March 11, 2018, 07:02:59 PM
While other global moderators might accept a message signed with an ETH address as proof, I'm not going to until I get an explicit acknowledgement from theymos.
teddy5145
hero member
Activity: 714
Merit: 528
Re: what is my mistake?
March 11, 2018, 08:01:57 PM
#11
But, in OP's case he never posted a Bitcoin address, from surfing through his post history all I did see is that he only ever posted two ETH addresses.
Any possibilities for you to make an exception? If not OP's account can be considered gone without any Bitcoin address to make a signed messages.
Creating ETH signed message are the same as creating Bitcoin Signed message, user need to be in possession of their ETH private key before signing a message, so theoretically it should be as safe as Bitcoin signed message.
mprep
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
Re: what is my mistake?
March 11, 2018, 07:02:59 PM
#10
Quote from: EthanB on March 11, 2018, 06:49:50 PM
Quote from: mprep on March 11, 2018, 05:18:05 PM
Messages signed with ETH addresses can't be used as proof for recovering your account.

Can you point us to some more reading regarding this? This is contradictory to something that another user said awhile back. I had assumed that signing an ETH would be equally acceptable, so I'm wondering if there are any official statements regarding this? I'm not saying you're wrong, because you would know better than I would, but I just swear I remember a staff member suggesting that someone sign a message from their ETH address to prove ownership of their account. Not sure if this is a contentious issue, or what the case is, but I would love to read more on this. Is there security concerns when it comes to signing a message from an ETH address or is there no satisfactory way to verify these messages?
From https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545:

Quote from: theymos on March 02, 2014, 07:45:09 PM
Typically, the only acceptable method of proving ownership is by signing a message (including current date and desired new email address) using a Bitcoin address or PGP key associated with the account.

While other global moderators might accept a message signed with an ETH address as proof, I'm not going to until I get an explicit acknowledgement from theymos. Technically, all account recovery should be done by admins but since simple security locks don't require an email changed, any certain global mods can do it as well. As for whether they're accepted by the admins as proof for a recovery of a hacked account, that's something you're going to have to ask them.

AFAIK both signing and verifying messages is as easy as for Bitcoin addresses. As for security, it's probably on par with Bitcoin though I haven't really dived into Ethereum's technical side to be 100% sure.
EthanB
sr. member
Activity: 462
Merit: 336
Re: what is my mistake?
March 11, 2018, 06:49:50 PM
#9
Quote from: mprep on March 11, 2018, 05:18:05 PM
Messages signed with ETH addresses can't be used as proof for recovering your account.

Can you point us to some more reading regarding this? This is contradictory to something that another user said awhile back. I had assumed that signing an ETH would be equally acceptable, so I'm wondering if there are any official statements regarding this? I'm not saying you're wrong, because you would know better than I would, but I just swear I remember a staff member suggesting that someone sign a message from their ETH address to prove ownership of their account. Not sure if this is a contentious issue, or what the case is, but I would love to read more on this. Is there security concerns when it comes to signing a message from an ETH address or is there no satisfactory way to verify these messages?
mprep
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
Re: what is my mistake?
March 11, 2018, 05:18:05 PM
#8
Quote from: teddy5145 on March 11, 2018, 01:12:08 PM
Upon searching from your post, this is the only address I managed to find
Quote from: gakadem on January 31, 2018, 01:08:36 PM
hi dev, this is my EtherWallet  Wink
0xbC119335051E4D09692F9393046ab3babD78800D

Sign a message using that Ether address with format that Mprep Gave to you above, after that send it either to Theymos or Cyrus to be recovered, expect a long time for a reply.
Messages signed with ETH addresses can't be used as proof for recovering your account.
teddy5145
hero member
Activity: 714
Merit: 528
Re: what is my mistake?
March 11, 2018, 01:12:08 PM
#7
Upon searching from your post, this is the only address I managed to find
Quote from: gakadem on January 31, 2018, 01:08:36 PM
hi dev, this is my EtherWallet  Wink
0xbC119335051E4D09692F9393046ab3babD78800D

Sign a message using that Ether address with format that Mprep Gave to you above, after that send it either to Theymos or Cyrus to be recovered, expect a long time for a reply.
mprep
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
Re: what is my mistake?
March 11, 2018, 12:53:08 PM
#6
Quote from: ?? on ??
Sorry Guest, you are banned from using this forum!
For security, your account has been locked. Email [email protected]
When I try to login, so like this sir
Read my previous post. Follow the instructions. If you can't, consider your account gone.
EthanB
sr. member
Activity: 462
Merit: 336
Re: what is my mistake?
March 11, 2018, 10:12:16 AM
#5
Quote from: ?? on ??
Quote from: mprep on March 10, 2018, 07:47:31 PM
Have you, by any chance, tried to reset your password via a secret question?
right, I reset my password with a secret question ..
can I use my account again?

If you try to reset your password with the secret question I'm pretty sure this locks you out of your account automatically, because of a database breach or some other security concern awhile back. This is not a fun part of our forum experience and there should be something done about it. There should either be the removal of these secret questions, the restructuring of these questions or at least a blatant warning surrounding their usage so that you know what is happening. I've always wondered about the secret question flaw giving people the ability to lock anyone's account, or does it only lock the account if answered "correctly"?

Regardless, looking through your post history it doesn't look like your posts are painfully bad. Most people that are cut-off for spamming are very severe cases and you seem more clueless than malicious in my opinion. How do you know you were banned by Theymos?

There needs to be more explanation as to what happened immediately preceding your account lock, what messages have you received to verify your suspicions and what have you done to remedy the situation.

More on account recovery : https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545

mprep
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
Re: what is my mistake?
March 11, 2018, 10:03:13 AM
#4
Quote from: ?? on ??
Quote from: mprep on March 10, 2018, 07:47:31 PM
Have you, by any chance, tried to reset your password via a secret question?
right, I reset my password with a secret question ..
can I use my account again?
Resetting your account via a secret question automatically locks your account due to security issues with said feature. If you want to have your account unblocked, you're going to have to sign a message as per the quoted instructions bellow. Since your account was just blocked and not actually hacked, you can send this message over to me and if everything's in order, I'll unlock it. If and once you get your account back, remove the secret question and answer from your profile by setting both to blank and saving the settings. Further attempts at recovering your account via the secret question will continue to lock your account so don't do it.


From https://bitcointalksearch.org/topic/unofficial-list-of-official-bitcointalkorg-rules-guidelines-faq-703657:

Quote from: mprep on July 21, 2014, 12:27:51 PM
Q: My account was hacked! What do I do?
A: See this thread: https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545. If you don't know how to sign a message, see this thread made by shorena: https://bitcointalksearch.org/topic/how-to-sign-a-message-990345

Also, remember when PMing the signed message, send it in [code ][/code ] brackets (just without the space at the end). For example,

Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
My account has been hacked/lost. Please reset the email to . The current date is .
-----BEGIN SIGNATURE-----


-----END BITCOIN SIGNED MESSAGE-----

Here is the unedited post where I posted that address: ...
OR
I sent that address to someone in a PM with PM ID#...

If you don't know how to sign a message and the tutorial mentioned before didn't mention your client, google for some tutorials with terms like: "signing messages with ". For example, "signing messages with bitcoin-qt".
mprep
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
Re: what is my mistake?
March 10, 2018, 07:47:31 PM
#3
Have you, by any chance, tried to reset your password via a secret question?
hase0278
hero member
Activity: 882
Merit: 544
Re: what is my mistake?
March 10, 2018, 07:46:02 PM
#2
Quote from: taksrkanah on March 10, 2018, 07:18:53 PM
hi everyone.
I want to ask mainly for moderators. I lost access to my account https://bitcointalksearch.org/user/gakadem-1195092
i am banned by theymos, i want to ask what is my mistake. I am not a farmer my account  and also never spamming.
Thank you in advance please answer
I have looked upon your post and as I can see most of your post(but not all) are spam and is on a megathread(most of your replies are posted on page 10 and above of the thread) wherein the answers just repeat itself. Some of your post are good though, specially the ones that are merited but if you don't consider most of your post as spamming, then think twice. I don't see other reasons why theymos banned you though.
taksrkanah
newbie
Activity: 88
Merit: 0
Re: what is my mistake?
March 10, 2018, 07:18:53 PM
#1
hi everyone.
I want to ask mainly for moderators. I lost access to my account https://bitcointalksearch.org/user/gakadem-1195092
i am banned by theymos, i want to ask what is my mistake. I am not a farmer my account  and also never spamming.
Thank you in advance please answer
Bitcoin Forum>Other>Meta
Jump to: