Topic: When will the account recovery problem be solved? (Read 447 times)

Someone already compiled a list of accounts, though I don't think it's even half complete: https://bitcointalksearch.org/topic/list-of-accounts-that-need-to-be-recovered-17-accounts-4190622

Another case of insanity: 9 months of wait for an hero account and counting:

https://bitcointalksearch.org/topic/almost-1-year-hero-account-locked-please-unlock-i-have-many-proofs-2851296

I would like to see if someone can make a list of all the most blatant cases of a person whose account obviously belongs to the user demanding it to be recovered but they have been waiting for a long time to no end. I wonder who currently holds the forum record of waiting. Looks like some people is definitely about to cross the 1 year mark... c'mon guys.

edit: actually that guy says he cannot sign a message, but anyway, there are many other cases, for instance:

https://bitcointalk.org/index.php?topic=2251399.40

That's x4 signature proof. Yet it's been a wait since November 2017. We a have big queue of cases like that, which would take 2 seconds to fix. The longer a solution is delayed the bigger the queue is becoming. At some point it will be nonviable even after hiring more staff for the task. We need to empty the queue soon.

But if someone sells his own private key, or loses it, this is entirely his fault.

This is different from a hacked account, which is a lot more unsafe.
As a private key can be stored 100% offline.

That creates another angle of attack: people lose (or even sell) private keys, which would give someone access to their account.

Bottom line is: Automation.

i think this could be easily solved using a form on a login page.
You just click on "my account was hacked"

Then you enter your username, your registered address  and the page tells you to write today's date and sign the message.

This could be easily checked, maybe even automatically if someone uses a script like brainwallet's website.

If the message verifies successfully, you are redirect to a set a new password page

The only way it is going to be solved is if theymos or cyrus start actively restoring them, or somebody else is promoted to Admin or given access to restore accounts. The issue is purely manpower based. Theymos and Cyrus probably don't have time so they're just not getting looked into. Even cases that almost certainty cut and dry are just getting added to the pile which grows bigger every day.
 

If theymos wanted to make more money there are numerous legitimate ways that he could monetise this forum better, but as usual people like to invent conspiracies up because they're always more sexy and exciting. I've personally suggested a few ways to theymos like adding more donator ranks and more advertising slots like at the top of certain sub boards (I think people would pay premium for ones above Bitcoin Discussion and Gambling etc). The current advertising slots are barely noticeable especially when they're drowned out with signatures (and some people have even mistaken them for a signature advertisement before). If theymos wanted more money for himself he could also just pay himself a huge wage but as far as mod payments go even a very active patroller gets more than him currently so it's probably not about money. A while back I did even suggest he pay himself an appropriate wage and do admin duties here full time because one is still badly needed and if there's nobody else he trusts fully then that's probably the only way.


Any other active staff member could do this as well. I don't think Cyrus' account has full admin-access like theymos' (or root access or whatever).


I wouldn't be against a user like you doing it but there are also numerous staff members who could as well. I think you'd get pretty burned out by it quite quickly though if you were doing it purely voluntarily. You would get spammed to death by people and the amounts of accounts that need restoring is probably at least a part-time job right now (and we probably need at least one full time admin anyway to handle all the other issues). If you're happy to spend half of your time on here restoring accounts for fun though, then go for it  .


Exactly, there's always a weak point and anyone could be targetted or slip up at some point. Let's not forget that one of the main reasons why people are losing their accounts in the first place is that the forum was hacked and password hashes were leaked. Is this theymos' fault? No, it was the hosting's as they were cleverly exploited, but it shows you that there's always some way that you can get hacked.

Personally, I don't really care who does it as long as they're trusted, but if theymos and cyrus aren't actively going to be doing account restorations then someone else really needs to.

Theymos answered this:

This is a serious problem and it should be solved in hours instead of months. It can be frustrating for a member to wait for so long.

I've spent almost 300 days online in this forum.  I don't make any money...  Some people do things because they like to do them.

I don't think it's a conspiracy, more like little time for something that takes a lot of time to verify.

I guess this is where the conspiracy theories come from, said conspiracies being that theymos and cyrus take control of some accounts in order to sell them or something along the lines. I think that is nonsense considering theymos is loaded with bitcoins from being an early miner so he is set for life, cyrus is probably in good standing too.

At the same time, the fact that they are bitcoin whales also make it understandable that they wouldn't spend too much time managing the forum, but this isn't a justification to leave people in a desperate endless wait, ignoring signed bitcoin addresses as definitive proof (if that proof is going to be ignored, then what's the point? that is what bitcoin is about, verifying, and verifying takes just a minute, something that Staff could be doing speeding up the process and cleaning up the meta section as all the lost password threads get solved. As people get desperate they bump their own threads, so the queue keeps growing and everyone is self bumping these growing threads, eventually the entire meta section will be people wanting to get their passes recovered.

I've volunteered in the past to help with this issue but didn't get a reply. Nothing else I can do on my end.

Yes, it does

Hilariousandco often responds in those threads already, it seems to me he's capable and has the time to do it, but has no access to restore accounts.

I tried that that 2 months ago, but locked the thread after reading this:

Now both theymos and cyrus just keep getting the same PMs over and over again. That's a waste of their time too.

While you see an account recovery problem, I’m sure the forum’s administration sees it as a user securing their login problem.

It's not even a matter of being a cyber security expert. It's only a matter of time and everyone will get their password stolen or somehow compromised, it's going to happen to everyone because of reasons out of your control.

Again, one just can't "cold storage passwords". Passwords are exposed online daily, by necessity, this is an huge attack vector, that can come from the forum, from the email provider, and so on. This is why Bitcoin is genius, the cold storaged private keys don't suffer from that. Which is why also account recovery, when presented with signed private addresses, should have high priority and the recovery should be fast, not take months, sometimes not even happening.

I agree. Everyone can be hacked. Maybe not everyone ,but most of people.  not everyone here is a cyber security expert, there is a lot of diversification here in this forum.

 people have different life styles. Some people use multiple devices (if someone travels a lot), or they can trust some third party password manager that got hacked... There are many things out of our control, and one security solution that works for one person may not work for another as they have different habits

Unfortunate events can happen to everyone. Even satoshi lost his gmx account and said account got eventually hacked and exploited. It can happen to anyone. Keeping email accounts and forum passes online it's not the same as keeping your private keys offline (which never touch the internet). As soon as something touches the internet there is a % of disaster out of your reach, like a security breach on the email provider's side and so on.

I guess theymos is paranoid to allow other people to do this job, otherwise I don't understand why he doesn't hire more people. Until then we will have ridiculous amounts of threads with an endless queue of people wanting to get their account back.

I could do it too, it would take me literally 1 minute to verify signatures and a quick look at posting history.

I still don't think that it justifies putting them on standby indefinitely. Everyone makes mistakes, and those people got hacked because of them. We're not a perfect society and forcing people out of their accounts on this forum because of their blunders in the past is way harsher than it needs to be.


Surely once we get past the backlog of hacked accounts, the influx of them can't exceed, say, 20 or 30 a day (which is quite an overestimation just to emphasize my point). That number would comfortably be checked and restored within an hour. An hour of work per day can, again, comfortably be put onto one semi-dedicated person. All we need is some extra work in the beginning and this issue wouldn't even be an issue.

Here is what I don't understand.... Theymos is intelligent when it comes to programming.  He could easily create a type of account that had limited moderator abilities - specifically  the security rights to unlock an account.  A trusted user (like me) could spend some time to review signed messages and restore accounts, reducing workload.

I guess he just does not prioritize account recovery.  I understand his reasoning, since losing your account is, in most cases, your fault.