BitShares Forum
Main => General Discussion => Topic started by: mint chocolate chip on January 21, 2015, 06:21:36 pm
-
My brother-in-law who I got to invest in BitShares AGS/PTS back in March had all his bitshares in his wallet, on January 15 he made a terrible mistake and transferred all of his bitshares to 'bter' instead of 'btercom' when trying to send his funds to the BTER exchange.
I hope that the owner of the username 'bter' has it within his or her heart to return the funds back to the account from which they came.
FROM tvo
MEMO bter651141m165612
635,703.00
Jan 15, 2015 at 9:59:32 AM PST
Thank you.
-
I did the same thing.
Chances are very slim he has any heart at all.
-
Been there too. Luckily only about 50$ worth at the time. Heart felt sympathy goes out to you and your brother in law.
I really think it'd be great if the autofill in the wallet didn't make it so easy to make a mistake here. I think that is what happened to me - bter is the first account it suggests.
I think someone suggested a possible solution but I forget what it was now.
-
It would be good to explore excluding names from the suggestion list with a certain threshold of negative rep associated with them. Maybe make the reputation threshold relative based on the current average reputation.
So, if we all burned 1k BTS against "bter" they would no longer come up in the list because they're considered untrusted.
-
I think autofill in general is a bad idea. As more and more users join, the blockchain will be cluttered with every single name imaginable anyway. Imagine autofill for gmail addresses, whatever you type in there will always be some guy who registered that combination of letters already.
-
Ouch. I'm in favor of putting a warning next to "bter" account and/or hiding stuff with negative rep from the autofill.
-
I think this might have been one of the "benevolent squatters", let me dig up that thread and see... don't get your hopes up
-
Ouch. I'm in favor of putting a warning next to "bter" account and/or hiding stuff with negative rep from the autofill.
If you can remove names from the autofill with a negative rep someone could do an attack where they register a name so close to an exchange account that it shows up as number 2 on the autofill, then bombard the exchange with negative rep to remove it from the autofill and become the first suggestion for that name instead.
How about only having autofill for accounts you have sent money to before? So you have to verify the first time you send funds to an exchange, but then after that you're safe and can trust the autofill.
-
I think this might have been one of the "benevolent squatters", let me dig up that thread and see... don't get your hopes up
I don't think so, I pm'ed both of them and heard back from one so far, seems they got in after btercom was created.
-
Maybe we could have a bounty to investigate who owns this name. It's likely to be closely linked to whatever the real account name they used unless they tried hard to preserve anonymity.
-
This is embarrassingly bad UI.
https://github.com/BitShares/web_wallet/issues/533
-
I'm gonna get shot down for this... but this is yet another case where bitshares could benefit from having reversible transactions.
You could set a block target for when the transaction was spendable (like an uncleared balance in a bank), and up to that block the transaction could be reversed by the sender.
-
i would keep autofill but just for accounts which user has apporved and added to favorites!
-
Maybe set a threshold where the user specifies an amount and the systems prompt for a verification click over that amount.
ex. "This is your first time sending to this name, are you sure it this is the correct name?"
-
I'm gonna get shot down for this... but this is yet another case where bitshares could benefit from having reversible transactions.
You could set a block target for when the transaction was spendable (like an uncleared balance in a bank), and up to that block the transaction could be reversed by the sender.
I think this is a really good idea +5%. By having a pending transaction feature, the real Bter could confirm on the deposit page that he has an incoming deposit. Users would expect to see this notice when they send to Bter. If they dont see anything after a while it gives them a chance to realise that they made a mistake and thereby reverse the transaction.
-
this is terrible!
name are great - because say are easier, but this is also the back side - you can easy take the wrong one.
i would love to see a more complex naming system
not just ; shentist
more like a address
1. shentist
2. jupiter
3. blue
so it would be not so easy to mistake someone for another person
- you should also start to send only a small portion in the beginning and check if it is function or not.
-
I dont get the automatic kneejerk against reversible transactions.
-
I don't think he will be returning the funds. If you register the name "bter" then you would want someone to get tricked so you can make some money off it.
-
I dont get the automatic kneejerk against reversible transactions.
It's because a reversible transaction is equivalent to a slow normal transaction. At best, bter could make a thing that says "we see your incoming transaction", but then the user is still responsible for noticing the lack of a signal and triggering the reversal. Meanwhile everyone else suffers slow transactions, or we make it optional and then nobody would choose to support it.
-
It's because a reversible transaction is equivalent to a slow normal transaction. At best, bter could make a thing that says "we see your incoming transaction", but then the user is still responsible for noticing the lack of a signal and triggering the reversal. Meanwhile everyone else suffers slow transactions, or we make it optional and then nobody would choose to support it.
Yes make it optional and then make the client recommend (with a dialog box) that a newbie user uses that feature. At least the client itself would support it by showing a countdown to irreversibility. Anyway youve probably thought about this already.
I think we should keep a running tally of how much the scammer has won - how much did your brother-in-law lose?
-
The situation in the OP makes me sick. That guy will be turned off from using bitshares ever again. $6k down the drain, christ..
https://github.com/BitShares/web_wallet/issues/533
I want to crowdfund a partial reparation but I'm afraid that would open the floodgates for everyone else who got ripped off.
-
Just an opportunity to repost this info.
I have one of those -'bter-deposit' to be exact. If you ever make a mistake to that one just let me know, cause I will not see it fast, as it is in non-active wallet of mine. Other than that Clains has a bunch of those accounts but I do not think this one in particular... anyway check with him.
Man, I cannot wait for the day we will be able delete accounts, to get rid of that one...
-
Maybe we could have a bounty to investigate who owns this name. It's likely to be closely linked to whatever the real account name they used unless they tried hard to preserve anonymity.
Wouldn't it be wonderful to find out?! I'd love to see how such a thing could be done. What resources would likely be necessary? What would be the chances of finding the culprit?
It's too sad that there are opportunists (on all scales) who will cause harm by taking from others.
-
I'm gonna get shot down for this... but this is yet another case where bitshares could benefit from having reversible transactions.
You could set a block target for when the transaction was spendable (like an uncleared balance in a bank), and up to that block the transaction could be reversed by the sender.
But why would you ever want to do this as a sender? BTER wouldn't give you access to the funds in your account until the transaction became irreversible, so it would be akin to filling out the sending information and then waiting 30 mins before clicking send.
-
https://bitsharestalk.org/index.php?topic=13550.msg176898#msg176898
-
You already found him!? Wow that was fast, well done.
-
But why would you ever want to do this as a sender? BTER wouldn't give you access to the funds in your account until the transaction became irreversible, so it would be akin to filling out the sending information and then waiting 30 mins before clicking send.
If I were sending $6k to anywhere, I would chose that option by default just for the safety factor.
-
i would suggest to make the account with 2 or more names, like a 2 factor authification process. To get 1 wrong is likely, but to get 2 or 3 wrong is nearly impossible.
-
Ouch. I'm in favor of putting a warning next to "bter" account and/or hiding stuff with negative rep from the autofill.
I think adding reputation is a good idea, but we should not consider blacklisting.
We COULD come up with rules along the way and force people to change account names OR have their account closed without access to the funds. But simply blacklisting something is a dangerous precedent to set.
-
But why would you ever want to do this as a sender? BTER wouldn't give you access to the funds in your account until the transaction became irreversible, so it would be akin to filling out the sending information and then waiting 30 mins before clicking send.
If I were sending $6k to anywhere, I would chose that option by default just for the safety factor.
I see the point of "locking in" the transaction. That's actually quite neat. It wouldn't have to be done through delayed transactions though, you can just have a system that sends a mail to the name of exchange using bitshares mail, and if the exchange receives the mail they can confirm to you that you have the correct name. Ultimately I do think the robohash kind of serves this purpose well enough already though. If you want to confirm that you've typed the correct name, you can look at the robohash that shows up and then go back to the exchange website to check if it indeed is the correct one.
-
bter.com should just stop using 'btercom' for deposits and only provide account key. They were too late to register 'bter' and now they got to stop confusing their customers or this will soon turn into real chaos :(
-
bter.com should just stop using 'btercom' for deposits and only provide account key. They were too late to register 'bter' and now they got to stop confusing their customers or this will soon turn into real chaos :(
well damn, GUI does not support this ::)
-
titian is a bad
-
I'm gonna get shot down for this... but this is yet another case where bitshares could benefit from having reversible transactions.
You could set a block target for when the transaction was spendable (like an uncleared balance in a bank), and up to that block the transaction could be reversed by the sender.
+5%
-
Bter just should add a fat warning on their deposit site making you aware of the situation.
Also I'm surprised that it was possible to link that account so fast, did you find it with network analysis? Shouldn't titan make this much harder?
-
Bter just should add a fat warning on their deposit site making you aware of the situation.
Also I'm surprised that it was possible to link that account so fast, did you find it with network analysis? Shouldn't titan make this much harder?
The guy wasn't exactly careful to cover his tracks, also we're phasing out TITAN specifically because of the false sense of security it gives at this point (well also because it makes the thin client much simpler).
-
Bter just should add a fat warning on their deposit site making you aware of the situation.
Also I'm surprised that it was possible to link that account so fast, did you find it with network analysis? Shouldn't titan make this much harder?
The guy wasn't exactly careful to cover his tracks, also we're phasing out TITAN specifically because of the false sense of security it gives at this point (well also because it makes the thin client much simpler).
My guess: contacted major exchanges, asked about who was receiving funds from "bter" account, associated them with their forum identity based on their exchange account name or email.
-
i would suggest to make the account with 2 or more names, like a 2 factor authification process. To get 1 wrong is likely, but to get 2 or 3 wrong is nearly impossible.
Good idea!
Exchange can register two-fator account on blockchain,two-fator have unique check code.when we tranfer to two-fator account,we must need check code .and when we transfer to non-two-fator account with checkcode ,transfer should fail.
-
---
toast edit: please don't reveal until we can make proper case
-
---
toast edit: please don't reveal until we can make proper case
-
for add a contact account, you must input both account name and account ID
and you can only transfer money to contact account.
protect at client, both CLI and qt wallet, not at api.
-
i would suggest to make the account with 2 or more names, like a 2 factor authification process. To get 1 wrong is likely, but to get 2 or 3 wrong is nearly impossible.
Good idea!
Exchange can register two-fator account on blockchain,two-fator have unique check code.when we tranfer to two-fator account,we must need check code .and when we transfer to non-two-fator account with checkcode ,transfer should fail.
Better yet, they could make an account for each user and use that as a 2-factor account along with btercom. So for me to deposit, I would have to send funds to 'btercom' and 'fluxer555'.
-
Adding a blacklist
-
I think this might have been one of the "benevolent squatters"
Agreed. I remember way back when people were registering names thinking they could sell them (guilty) someone spoke up after registering bter and said they were or did give money back to someone on the forum. It was someone that was prevalent on the forum (back then), from what I remember.
... we're phasing out TITAN
??? No more "anonymity"?
-
also we're phasing out TITAN specifically because of the false sense of security it gives at this point (well also because it makes the thin client much simpler).
so what is the plan? we will come back to the long-bitcoin address-like address ? : ))
-
i would keep autofill but just for accounts which user has apporved and added to favorites!
Yes, +5%
-
So far as I know, this is not the first time that someone mistakenly send fund to "bter". Luckily, we have identified the suspected person that owns "bter".
-
also we're phasing out TITAN specifically because of the false sense of security it gives at this point (well also because it makes the thin client much simpler).
It's user's and the GUI autocomplete fault not the titan.
-
So far as I know, this is not the first time that someone mistakenly send fund to "bter". Luckily, we have identified the suspected person that owns "bter".
Are we expecting this to happen? :D
(http://www.topia.net/images/iran%20protester%20beaten.gif)
-
How about only having autofill for accounts you have sent money to before? So you have to verify the first time you send funds to an exchange, but then after that you're safe and can trust the autofill.
^ this.
It's not only a practical necessity but also a question of legal liability: if Al-Qaeda or ISIS creates Bitshares accounts, Bitshares could get into quite some trouble if it keeps suggesting people to send them donations each time they type "al" or "is" in the address box.
-
Are we expecting this to happen? :D
I'm also wondering how this sort of unfortunate issue will be addressed, now and in the future. Particularly, I'm interested in how the NAP (non-aggression principle) or the Golden Principle (https://bitsharestalk.org/index.php?topic=13215.0) might be applied in this situation, and even if people think it an appropriate circumstance to do so?
What is the best course of action - or what actions are even available in a decentralized network such as bitshares?
Social pressure?
Shunning?
Blacklising of account? (what would this look like in practice?)
Community crowdfunding to restore the missing balance?
Or...?
-
Are we expecting this to happen? :D
I'm also wondering how this sort of unfortunate issue will be addressed, now and in the future. Particularly, I'm interested in how the NAP (non-aggression principle) or the Golden Principle (https://bitsharestalk.org/index.php?topic=13215.0) might be applied in this situation, and even if people think it an appropriate circumstance to do so?
What is the best course of action - or what actions are even available in a decentralized network such as bitshares?
Social pressure?
Shunning?
Blacklising of account? (what would this look like in practice?)
Community crowdfunding to restore the missing balance?
Or...?
Delegates could really work well for so many things. "Insurance" delegates could be used to pool funds to help people who get screwed by any number of issues. Someone donates, say 10bitUSD to the insurance fund and they get that matched by the delegate up to a certain amount. Then have a thread on the forums where people can talk about how they got robbed or how they got scammed and any other number of things that lost them money and if the community can prove it is true, they can unlock a portion of the funds for said person.
I think disabling TITAN is a bad idea. But I am pretty sure it won't matter what I think on this issue. TITAN is wonderful and one of the great innovations that BitShares brings to the table. Why phase something out because it makes something more difficult when we can just learn to have patience and get the tools we are going to have built....and have them built right?
-
Delegates could really work well for so many things.
I agree that delegates could work well for many things. But as soon as we begin talking about something like "insurance delegates" many other questions arise. Who becomes the arbiter of decisions? The delegate? The community? The largest stakeholders? How do our answers to that question square with our values around justice, and liberty?
And if our answer has anything to do with resolving it on a forum that resides on a centralized server, then what? How robust is our solution to the inevitable problems that will arise and grow in number with a growing user base? How much can be written into code?
What about when someone like educatedwarrior has his account hacked? (https://bitsharestalk.org/index.php?topic=10877.0) Some linux enthusiasts might say that if you're using windows it's fair game. Who decides?
And what of the OP? Is it the responsibility of the one sending to an address to first ensure the accuracy of the address, or is the responsibility with recipient, whether they be a con artist or not? Or is it the responsibility of the community?
I, at a human/empathic level, would like to see the funds restored to the original sender. Also, at a human/community level, I think this situation brings up many questions that we should be considering and discussing on a broader scale.
-
Adding a blacklist
very dangerous...
maybe a reputation system is better...
Sent from my ALCATEL ONE TOUCH 997D
-
I check the deposit instruction in bter.com as the follow picture show. maybe you made a mistake when you transfer bts to bter.com
(http://i2.tietuku.com/8d9bb5e23ca467d8.png)