There's pretty much no way you could verify user uniqueness without involving some more official channels..
IPs, emails, bitcoin addresses, forum users, cookies, sessions, system hash, etc etc can all be generated unlimited for free or faked.
Anonymity definitely has its downsides when it comes to enforcing security.
Topic: What next? (Read 1904 times)
I put more global measures in place preventing large scams. Small scams.. I assume this is just business operation expenses? =))
My current measure is to control it manually. And prevent it early. Also I have some hard prevention mechanism in place which keep site from loosing many coins at once. I have some ideas how to make it more sophisticated and automated, but current profit from this project does not make any sense to do it (just like it would not make any sense for someone to build bot for this site - too much time and too little profit).
I am more interested in... if 26 "free" bitcents per hour is interesting for people, will 2 bitcents interesting as well? Where is this line where it become economically not worth it?
My current measure is to control it manually. And prevent it early. Also I have some hard prevention mechanism in place which keep site from loosing many coins at once. I have some ideas how to make it more sophisticated and automated, but current profit from this project does not make any sense to do it (just like it would not make any sense for someone to build bot for this site - too much time and too little profit).
I am more interested in... if 26 "free" bitcents per hour is interesting for people, will 2 bitcents interesting as well? Where is this line where it become economically not worth it?
Noviz, could you give me a hint how to implement good anti-duplicate account measure? =) Just keep in mind - this is bitcoin, not credit cards used to fund account.
I know a bit about online security. And running 10 virtual boxes with VPNs set to different IP address seems like an easy solution against any anti-duplicate measure right now. =)
Remember - there are no 100% secure websites. And you can't do it. What you should try to do - make it economically nonsense to exploit "flaws" (just like bitcoins 51% attack - it can be done, but with this amount of power you can get much more legitimate way).
Where I was mistaken - amount of incentive needed to make people try to use this "flaw".
I know a bit about online security. And running 10 virtual boxes with VPNs set to different IP address seems like an easy solution against any anti-duplicate measure right now. =)
Remember - there are no 100% secure websites. And you can't do it. What you should try to do - make it economically nonsense to exploit "flaws" (just like bitcoins 51% attack - it can be done, but with this amount of power you can get much more legitimate way).
Where I was mistaken - amount of incentive needed to make people try to use this "flaw".
Ok fair enough, I see your point... but what surprised me was that you didn't seem to have put any thought into duplicate user security at all, judging by your previous posts. I suppose the anonymity of bitcoins compared to credit cards is one of the fundamental pitfalls that gambling sites will have to cope with.
But I still think you were abit naive in thinking that no one would try to exploit the flaw
If its there then someone will always exploit it.
Noviz, could you give me a hint how to implement good anti-duplicate account measure? =) Just keep in mind - this is bitcoin, not credit cards used to fund account.
I know a bit about online security. And running 10 virtual boxes with VPNs set to different IP address seems like an easy solution against any anti-duplicate measure right now. =)
Remember - there are no 100% secure websites. And you can't do it. What you should try to do - make it economically nonsense to exploit "flaws" (just like bitcoins 51% attack - it can be done, but with this amount of power you can get much more legitimate way).
Where I was mistaken - amount of incentive needed to make people try to use this "flaw".
I know a bit about online security. And running 10 virtual boxes with VPNs set to different IP address seems like an easy solution against any anti-duplicate measure right now. =)
Remember - there are no 100% secure websites. And you can't do it. What you should try to do - make it economically nonsense to exploit "flaws" (just like bitcoins 51% attack - it can be done, but with this amount of power you can get much more legitimate way).
Where I was mistaken - amount of incentive needed to make people try to use this "flaw".
It's a hobby, finding and successfully exploiting a flaw is rewarding in more ways than 0.78 BTC
The only flaw was assuming nobody will be trying to cheat for bitcents. =)
Well if that is what the flaw is then it shows your naivety as a developer. I think its harsh to blame the communities 'bad eggs' for your own bad design. You should never trust your users at all, especially in sites such as yours... it sounds bad but if you don't put the correct security, validation, verification in place then you could get one user in a million that would love to piss your site up. Why didn't you implement any safe-guard against duplicate accounts? Did you just not think anyone would try to do this type of thing? I thought duplicate accounts security would be one of the big things to implement in gambling websites, particularly poker.
It's a hobby, finding and successfully exploiting a flaw is rewarding in more ways than 0.78 BTC
The only flaw was assuming nobody will be trying to cheat for bitcents. =)
Quote
But also for many people, Bitcoin is exactly this. A "flaw" where you are able to generate money out of nothing. Why are you surprised to see this here?
Because it was not like this before =). I believe ridiculous bitcoin price jump caused all sort of scumbags getting into it.
Quote
I just fascinated how small-minded some folks are (became?).
Welcome to the internet
About 75% sure his ip is 128.253.153.95. It's from cornell.edu so possibly you could ring the university, but i'm not sure they could/would do much.
I am not going after him in any case. It is not a point of this post. 78 bitcents worth like 4 bucks. I just fascinated how small-minded some folks are (became?).
I can understand why people hack mtgox. Not that I agree with it, but I can understand what motivates 'em. but this... It is like stealing plastic bags from Walmart =))
I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this).
If this was done by a bot, then 0.26 BTC/hour is actually a decent revenue. It would take some 11Gh/s to make the same amount.This was not a bot for sure. It was manual work.
On the other hand - producing bot who can deal with whole poker protocol, website, registration, bitcoins, etc while would be pretty exciting work, will never pays back since amount of time to invest into it incredible. not saying you should be smarter then this guy to actually do that. =)
About 75% sure his ip is 128.253.153.95. It's from cornell.edu so possibly you could ring the university, but i'm not sure they could/would do much.
I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this).
If this was done by a bot, then 0.26 BTC/hour is actually a decent revenue. It would take some 11Gh/s to make the same amount. 
well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..
Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour 
Is the math right?
$78/3hours = $26/hour
So yes, I should have written $26
My bad! I thought it was 78 bitcoins. Just now saw the cents.
or
My bad! My slide rule has a dent in it.
well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..
Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour Is the math right?
$78/3hours = $26/hour
So yes, I should have written $26
well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..
Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour Is the math right?
I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this).
well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..
Some people get a thrill out of "free" stuff. I think it happens the same with cheating. The guy feels more intelligent than you because he is using your system in a way you did not intent. As I said, if you run a business youll have to deal with this kind of stuff.
Reminds me of this:
=) with all my optimism here, i do not see this happening soon. but i would like it to be like this..
well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..
Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour
well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..
Jump to: