Kryptowährungen ING-DiBa WissensWert

Gwern's BTC addresses flagged by coinbase

Gwern's BTC addresses flagged by coinbase submitted by itisike to Bitcoin [link] [comments]

List of Scott's most influential twitter followers

It seems like Scott/SSC has gotten much more mainstream recognition over the past year, so I was curious to know who the most influential SSC readers are now. Using twitter follower data for this isn't perfect (follower count is not a perfect proxy for influence, not all SSC readers follow the twitter account, etc.), but it's the best I could think of and I figured it would be a fun exercise regardless.
As an aside, a few interesting stats I learned about Scott's twitter followers (scraped on 12/30/17):
  1. Scott is followed by exactly two members of Congress: Justin Amash (Republican) and Jim Himes (Democrat)
  2. Scott has 351 bluecheck followers
  3. Of the top 100 most-followed followers, the gender breakdown (by my count) is 82 men vs 8 women (along with 10 organization or anonymous accounts). Among the top 50, it's 43 men and 1 woman (Liv Boeree)
  4. 385 followers (2% of the total) have bios including either "bitcoin", "ethereum", "crypto" or "blockchain"
  5. There are 67 followers whose bios include either "@Google", "@ Google", "at Google", or "Googler"
Note: When constructing the top 100 below, I excluded accounts that had extremely large Following counts, since I wanted the list to just consist of (likely) actual SSC readers. My exact rule was to exclude any account that follows >20K, include any that follows <10K, and include accounts in the 10K-20K range iff their following/follower ratio was less than 10% (this last condition was mostly just because I wanted to keep @pmarca on the list).
Anyway, below is the top 100. I also constructed lists for Eliezer, Robin Hanson, and gwern, and I can post those in the comments if anyone's interested.
Ranking Twitter Name Full Name Bio Bluecheck Follower Count Following Count
1 @NateSilver538 Nate Silver Editor-in-Chief, @FiveThirtyEight. Author, The Signal and the Noise ( Sports/politics/food geek. 1 2860782 1051
2 @ezraklein Ezra Klein Founder and editor-at-large, Come work with us! 1 2277052 1112
3 @timoreilly Tim O'Reilly Founder and CEO, O'Reilly Media. Watching the alpha geeks, sharing their stories, helping the future unfold. 1 1988716 1829
4 @paulg Paul Graham 1 1066366 322
5 @SamHarrisOrg Sam Harris Author of The End of Faith, The Moral Landscape, Waking Up, and other bestselling books published in over 20 languages. Host of the Waking Up… 1 974855 229
6 @techreview MIT Tech Review MIT Technology Review equips its audiences with the intelligence to understand a world shaped by technology. 1 794095 3367
7 @pmarca Marc Andreessen 1 672740 16319
8 @cdixon Chris Dixon programming, philosophy, history, internet, startups, investing 1 572260 3320
9 @RealTimeWWII WW2 Tweets from 1939 I livetweet the 2nd World War, as it happened on this day in 1939 & for 6 years to come (2nd time around). Created by Alwyn Collinson,… 0 516803 459
10 @VitalikButerin Vitalik Buterin See 1 458582 154
11 @Tribeca Tribeca Great stories from the greatest storytellers. 1 409581 18678
12 @bhorowitz Ben Horowitz Author of Ben's Blog ( and HarperBusiness book, THE HARD THING ABOUT HARD THINGS… 1 405820 255
13 @mattyglesias Matthew Yglesias Fake news. Bad takes. Dad jokes. We’re actually on the Bad Place. 1 372341 754
14 @naval Naval Present. 0 339469 478
15 @SwiftOnSecurity SwiftOnSecurity I make stupid jokes, talk systems security, +, write Scifi, sysadmin, & use Oxford commas. Sprezzatura. 0 211672 7530
16 @alexismadrigal Alexis C. Madrigal staff writer @TheAtlantic in the real world, these just people with ideas Mexican, Oakland, Earthseed 1 203540 5682
17 @ScottAdamsSays Scott Adams Win Bigly: 1 202042 788
18 @Khanoisseur Adam Khan Majordomo; Stuff at @Google @Twitter @SpaceX @Apple Exposing Trump… *Turn notifications on for breaking Trump… 0 183964 9359
19 @felixsalmon Felix Salmon Host and editor, Cause & Effect 1 180414 1832
20 @fmanjoo Farhad Manjoo (feat. Drake) NYT. DMs are open. signal: 4156836738. [email protected]. Instagram/Snapchat: fmanjoo 1 167592 4095
21 @VsauceTwo Vsauce2 Being Human. personal twitter: @kevleeb 0 151795 279
22 @russian_market Russian Market Swiss Financial Blogger. In Bitcoin we trust. 1 148866 939
23 @AaronDayAtlas Aaron Day CEO @Salucorp, Chairman @stark_360. #entrepreneur #btc #blockchain #healthcare #paleo #tech #dad Former candidate for #USSenate #ENTJ 0 133389 2075
24 @justinamash Justin Amash I defend #liberty and explain every vote at • 'Laws must be general, equal, and certain.' —F.A. Hayek 1 131997 5376
25 @Liv_Boeree Liv Boeree Poker player & Team Pokerstars Pro. Physics creature. Aspiring rationalist. Mountain goat. [email protected] 1 125366 451
26 @MaxCRoser Max Roser Researcher @UniOfOxford – Follow me for data visualizations of long-term trends of living standards – mostly from my web publication: 1 114045 583
27 @Jonathan_Blow Jonathan Blow Game designer of Braid and The Witness. Partner in IndieFund. 0 112827 68
28 @andrewchen Andrew Chen Growth: @uber. Writer: Plus one: @briannekimmel 0 111077 6288
29 @charlescwcooke Charles C. W. Cooke Editor of National Review Online. Classical liberal. Immigrant. Jack’s Dad. Wino. ‘The American is the Englishman left to himself.’ 1 110071 872
30 @AlanEyre1 Alan Eyre Diplomat, U.S. State Dept, Energy Resources Bureau. Middle East/Asia Energy; ایران. RT doesn't =endorsement; 'likes' don't necessarily=likes, often… 1 106947 3514
31 @karpathy Andrej Karpathy Director of AI at Tesla. Previously a Research Scientist at OpenAI, and CS PhD student at Stanford. I like to train Deep Neural Nets on large datasets. 1 106643 445
32 @JamesADamore James Damore Nerd centrist interested in open discussions and improving the world by fixing perverse incentive structures. Author of the pro-diversity … 1 94580 210
33 @SherwoodStrauss Ethan Strauss Podcasting 1 88258 1204
34 @james_clear James Clear Author, weightlifter and travel photographer in 25+ countries. Over 400,000 people subscribe to my weekly newsletter on how to build better habits. 1 87968 218
35 @nk from the future Wealth and personal achievement expert 0 81712 591
36 @benthompson Ben Thompson AuthoFounder of @stratechery. Host of @exponentfm. @notechben for sports. @monkbent on other networks. Home on the Internet. 1 78746 1267
37 @matthewherper Matthew Herper Forbes reporter covering science and medicine 1 78698 2111
38 @JeremyCMorgan Jeremy Morgan Tech Blogger, Hacker, Pluralsight Author, and Volunteer Firefighter. Once held the world record for being the youngest person alive 0 78601 7365
39 @balajis Balaji S. Srinivasan CEO ( and Board Partner (@a16z). I hear this Bitcoin thing might be kind of a big deal. You can reach me at 1 70707 2936
40 @patrickc Patrick Collison Fallibilist, optimist. Stripe CEO. 1 68709 1875
41 @matthew_d_green Matthew Green I teach cryptography at Johns Hopkins. 0 68434 594
42 @delong Brad DeLong 🖖🏻 I'm trying to be smart, knowledgable, funny, and well-wishing. You try too--at least 2 of 4. Low volume: 1+ per day... 0 67968 1578
43 @flantz Frank Lantz game designer 0 66090 278
44 @MYSTIQUEWEST MYSTIQUE NYC The Mystique Gentlemen’s Strip Club offers the best in adult entertainment in New York City. With unique stage design, full bars and the most beautiful dancers. 0 64881 332
45 @AceofSpadesHQ TheOne&OnlyExpert I'm not #TheExpert, or the expert parodying #TheExpert. I'm the real expert. 0 64872 1464
46 @btaylor Bret Taylor President, Chief Product Officer of @Salesforce. Previously CEO Quip, CTO Facebook, CEO FriendFeed, co-creator Google Maps. Stanford fan, @Twitter… 1 64829 687
47 @wycats Yehuda Katz Tilde Co-Founder, OSS enthusiast and world traveler. 1 63933 849
48 @jahimes Jim Himes Connecticut Congressman. Reader. Runner. Swimmer. And I make maple syrup. 1 62820 411
49 @abnormalreturns Tadas Viskanta Financial Educator, Author and Editor of Abnormal Returns. 0 61693 413
50 @BrendanNyhan Brendan Nyhan @Dartmouth political science professor, @UpshotNYT contributor, and @BrightLineWatch co-organizer. Before: @CJR / Spinsanity / All the President'… 1 61508 6149
51 @matt_levine Matt Levine da, wo Menschen arbeiten, wird es immer Fehler geben 1 61314 990
52 @BretWeinstein Bret Weinstein Professor in Exile If we don't harness evolution, it will harness us. 1 61049 536
53 @gaberivera Gabe Rivera Blame me for @Techmeme and @mediagazer. Nicer than my tweets. Often sarcastic. DMs are open. 2+2â‰5. Retweets are endorphins. 1 59927 5599
54 @SarahTheHaider Sarah Haider Promotes free-speech, human rights, liberalism, atheism. Director of Outreach,Ex-Muslims of North America. Pakistani by birth, American by… 0 59574 292
55 @TheInfinite_T ✨Infinite_T✨ NSFW Send GoogleWallet to [email protected] pls send all your tokens to Wishlist: 0 59061 645
56 @cblatts Chris Blattman Political economist studying conflict, crime, and poverty, and @UChicago Professor @HarrisPolicy and @PearsonInst. I blog at … 0 57670 2445
57 @jamestaranto James Taranto Editorial Features Editor, in charge of @WSJ op-ed pages. Best of the Web columnist 2000-17. 1 56733 174
58 @nitashatiku Nitasha Tiku Senior writer @Wired covering Silicon Valley [email protected], DM for Signal 1 56133 4327
59 @DKThomp Derek Thompson Writer at @TheAtlantic. Author of HIT MAKERS. Talker on NPR's @hereandnow. Economics of work and play. derek[at]theatlantic[dot]com 1 53387 1116
60 @aliamjadrizvi Ali A. Rizvi Pakistani-Canadian author of The Atheist Muslim (SMP/Macmillan). Amazon order link below. Co-host of @SecularJihadist podcast. Contact:… 1 52806 784
61 @RameshPonnuru Ramesh Ponnuru @NRO, @BV, @AEI, @CBS. Husband of @aprilponnuru. 1 51721 613
62 @JYuter Rabbi Josh Yuter "For my thoughts are not your thoughts, neither are your ways my ways" Is. 55:8. Jewish stuff + bad jokes. All opinions subject to change. 1 50731 2599
63 @meganphelps Megan Phelps-Roper “You're just a human being, my dear, sweet child.” Speaking requests: [email protected] Contact: [email protected] 1 49678 792
64 @albertwenger Albert Wenger VC at 1 49107 1794
65 @paulbloomatyale Paul Bloom Psychologist who studies and writes about human nature—including morality, pleasure, and religion 1 48579 391
66 @conor64 Conor Friedersdorf Staff writer at The Atlantic, founding editor of The Best of Journalism–subscribe here:… 1 46977 1405
67 @EricRWeinstein Eric Weinstein Managing director @ Thiel Capital. Some assembly required. Spelling not included. May contain math. Tweets are my own. 1 46263 850
68 @adamdangelo Adam D'Angelo CEO of Quora 1 45545 526
69 @robbystarbuck Robby Starbuck Director + Producer + Founder at RSM Creative - Husband to @imatriarch - Dad to 3 Kids + 2 Dogs - Futurist - Cuban American - Fan of Civilized Debate 1 45308 1842
70 @clairlemon Claire Lehmann Principle before affiliation. Founder, editor Contact me at 1 45305 2000
71 @tombennett71 Tom Bennett Director of researchED- Chair of @educationgovuk Behaviour group. Free training available here 1 43859 3698
72 @m2jr Mike Maples The woods are lovely, dark and deep, But I have promises to keep,And miles to go before I sleep,And miles to go before I sleep.-Robert Frost 0 43629 3915
73 @DavidDidau David Didau Education writer and speaker. Ginger. #PsychBook OUT NOW!; #WrongBook still available: 0 43531 1092
74 @ByronTau Byron Tau congress et al. for @wsj. interested in law, lobbying, nat'l security, investigations, gov't ethics and . contact me securely: 1 43026 2699
75 @MichaelKitces MichaelKitces One nerd’s perspective on the financial planning world… CFP, #LifelongLearner, Entrepreneur-In-Denial, Advisor #FinTech, & publisher of the Nerd’s Eye View blog 1 42304 459
76 @rahulkapil Rahul Kapil Come to observe. Stay to play. 0 41987 975
77 @michaelbatnick Irrelevant Investor Long-distance reader 0 41620 1076
78 @yegg Gabriel Weinberg CEO & Founder, @DuckDuckGo. Co-author, Traction. I want to publish zines and rage against machines. DM for Signal. 1 39470 151
79 @Jesse_Livermore Jesse Livermore Trader, Speculator, Bucketeer 0 39190 4459
80 @iconominet ICONOMI Digital Assets Management Platform for the Decentralised Economy 0 39030 1942
81 @IKucukparlak İlker Küçükparlak Psikiyatrist 0 38018 757
82 @vdare Virginia Dare The Twitter account for the editors of VDARE. Featured at the 2016 Republican National Convention 0 37723 4429
83 @juliagalef Julia Galef SF-based writer & speaker focused on reasoning, judgment, and the future of humanity. Host of the Rationally Speaking podcast (@rspodcast) 1 37530 340
84 @nicknotned Nick Denton Internet publisher 1 36708 2524
85 @JeremyMcLellan Jeremy McLellan Standup Comedian, Papist-in-training, biryani extremist, alleged member of the Muslim Cousinhood, US ambassador to the Pindi Boyz, spy pigeon trainer 1 36253 1538
86 @collision John Collison Co-founder of @stripe. 0 35995 1290
87 @narcissawright ♕ Narcissa fledgling seer 1 35375 1266
88 @panzer Matthew Panzarino Editor-in-Chief, TechCrunch. Telecom stories killed: 0. PGP Key 1 35162 2902
89 @EconTalker Russell Roberts How Adam Smith Can Change Your Life (, EconTalk host, econ novelist, co-creator of Keynes/Hayek rap videos, 0 34611 669
90 @nktpnd Ankit Panda Senior Editor @Diplomat_APAC in NYC. Thinking/writing/speaking on global security, politics, and economics. Via @WilsonSchool. Views mine & RTâ‰â€¦ 1 34041 995
91 @Official_Quame Kwame A. A Opoku Futurist• Global Business Speaker, Founder @fobaglobal, @wefestafrica, @ideafactorylive • CEO Mary&Mary LLC • Entrepreneur • Tedx Speaker •Influencer 0 33924 3526
92 @dylanmatt Dylan Matthews I know, I know, I don't like me either. Retweets are proposals of marriage. 1 33262 5579
93 @Jonnymagic00 Jon Finkel I'm a magic player who also manages a hedge fund. 0 33234 284
94 @Heminator Mark Hemingway "After all these years of professional experience, why can’t I write good?" Senior Writer @WeeklyStandard. Husband of @MZHemingway. 1 33034 4877
95 @sweenzor Onson Sweemey 0 32044 5288
96 @PhilosophersEye Philosopher's Eye Philosophy updates, pop culture, fun stuff, and links to resources from the Wiley Blackwell Philosophy Team. 0 31931 6503
97 @VladZamfir Vlad Zamfir Absurdist, troll. 0 31764 418
98 @m_clem Michael Clemens Fellow @[email protected]_bonn. My views only. Assoc. Editor @JPopEcon & @WorldDevJournal. Author of @WallsofNations, coming in 2018.… 1 31746 3650
99 @RudyHavenstein Rudolf E. Havenstein ReichsBank®President 1908-1923; Central Bank consultant. 'My way of joking is to tell the truth' - GB Shaw. Tweets solely for my own amusemen… 0 31115 1293
100 @tikhon Tikhon Bernstam CEO & Founder of Parse (YC S'11, acquired by Facebook for $85M in 2013). Founder @Scribd (YC S'06). @ycombinator alum. 0 31030 5184
submitted by disumbrationist to slatestarcodex [link] [comments]

The Bet: BMR and Sheep to die in a year

EDIT: No one has offered to accept any of the bets, so I am declaring this offer withdrawn.
BMR & Sheep have demonstrated their danger, but few black-market-users seem to genuinely appreciate this. I am publicly betting that they will fail in the near-future. If you think I am wrong, just try to take my money and prove me wrong! Otherwise, spare us your cheap talk.
Hi! I'm Gwern Branwen. You may remember me from such black-market webpages as Silk Road: Theory & Practice, and /silkroad. Today I'm here to talk to you about BlackMarket Reloaded & Sheep Marketplace.
(A signed version of this 30 October 2013 post will be posted as a comment, because I wish to use Markdown formatting; my PGP key is available.)


With the fall of SR, we're all very sad: it was a good site which performed a useful function. But life goes on, so it's no surprise we're all moving on to new black markets. That said, I am concerned by the accumulating pattern I am seeing around BMR and Sheep, and by the delusional optimism of many of the users.


BlackMarket Reloaded, since the fall, has been marked by a pattern of arrogance, technical incompetence, dismissal of problems, tolerance for sellers keep buyer addresses & issuing threats, astounding tolerance for information leaks (all the implementation information, and particularly the VPS incident with the user data leak; mirrors: 1, 2), etc. We know his code is shitty and smells like vulnerabilities (programmer in 3 different IRC channels I frequent quoted bits of the leaked code with a mixture of hilarity & horror), yet somehow backopy expects to rewrite it better, despite being the same person who wrote the first version and the basic security principle that new versions have lots of bugs. (I'm not actually bothered by the DoS attacks; they're issues for any site, much less hidden services.)
And then there's the things he's not telling us. Atlantis shut down because they were worried about contacts from LE, and thus far this shut down seems to have saved them; but BMR has been around several times longer than Atlantis - would it not beggar belief if LE had not made contacts, attempted SR-style stings, or infiltrated BMR staff? And remember how we were able to discover all sorts of leaks in DPR's opsec once we had the indictment and knew what to look for? Or consider the claims being made about the Project Black Flag Leaks, where someone claims to have accessed laundry list of information from its internals - only after Metta DPR decided to rip-and-run. If this is what we see publicly for BMR, what on earth is going on behind the scenes?
backopy should have handed on BMR weeks ago, but is still around. He seems to plan to repeat SDPR's mistakes exactly: leak information all over the place, never retire, and just keep on until he is busted and takes who-knows-how-many people down to prison with him. He has learned nothing. What, exactly, is his exit strategy? What goals does he have and when will they ever be satisfied? He has been running BMR for more than 2 years now, and has not left. How does this story end: of a man who does not know his limits, does not have ability equal to the task, and refuses to quit while he's ahead? It ends with a party-van, that's how it ends.
And hardly anyone seems troubled by this! The BMR subreddit is full of bustle; people are even hailing backopy as a "hero" for allowing withdrawal of bitcoins. (How generous of him.)


Is Sheep any better? No. BMR is troubled and probably infiltrated at this point, but Sheep may well be a dead market walking at this point. No one has a good word to say about its coding, so there may well be BMR-style issues in its future. More importantly: the veriest Google search would turn up that clearnet site, and it has been pointed out that the clearnet Czech site hosted by HexaGeek was uncannily similar to the actual hidden service. It uses almost the same exact technology, and the official explanation is that they had "fans" (fans? who set up, many months ago, before anyone gave a damn about Sheep, an entire functioning mirror while cloning the software stack and being in a foreign non-English-speaking country just like the Sheep admins?). Ridiculous! DPR may have set up a WordPress site, but at least 'altoid' didn't run an entire SR mirror! (He left that to & Sheep's likely about one subpoena of HexaGeek away from fun party times in the party-van.

The Wager

I am uninterested in seeing Sheep/BMR busted and lots of newbies caught because they can't appreciate the patterns here. People don't take mere criticism seriously, and even if I lay it all out like here, and I mention that I have an excellent track record of predictions, they still won't because anyone can doom-monger and issue warnings, it won't get through to them. I want to get through to them - I want them to understand the risks they're taking, I want them to reflexively use PGP, and I want them to leave balances on sites for as short a time as possible. So! I am putting my money where my mouth is.


I and 3 others are publicly wagering ฿4 ($816 at today's rate), ฿1 each, on the following 4 bets:
  1. BMR will not be operating in 6 months:
    25%; 1:3 (you risk ฿3 and if BMR is still operating, you win our ฿1, else you lose the ฿3 to us)
  2. BMR will not be operating in 12 months
    40%; 1:1.5 (you risk ฿1.5 & BMR is operating in a year, you win our ฿1, else lose ฿1.5)
  3. Sheep will not be operating in 6 months
    30%; 1:2.3 (your ฿2.3 against our ฿1)
  4. Sheep will not be operating in 12 months
    60%; 1:0.66 (you risk ฿0.66 against our ฿1)
The ฿4 are currently stored in 1AZvaBEJMiK8AJ5GvfvLWgHjWgL59TRPGy (proof of control: IOqEiWYWtYWFmJaKa29sOUqfMLrSWAWhHxqqB3bcVHuDpcn8rA0FkEqvRYmdgQO4yeXeNHtwr9NSqI9J79G+yPA= is the signature by 1Az of the string "This address contains bitcoins for the BMSheep bet run by gwern.").



Arbitration & escrow are being provided by Nanotube, a long-time Bitcoin user & -otc trader, who has handled some past bets (most famously, the ฿10,000 bet between the Ponzi schemer pirateat40 & Vandroiy) and I believe can be trusted to escrow this one as well; he has agreed to a nominal fee of 1%.
(I am not using Bets of Bitcoin because they have a dishonest & exploitative rule-set, and I am not sure Predictious would allow these bets.)


If you disagree and are man enough to take our bets, post the amount you are betting on which bet, and Nanotube will supply an address for you to transfer your bitcoin to. When it arrives in his wallet, then our bet will be in effect.
May the most accurate beliefs win.
submitted by gwern to SilkRoad [link] [comments]

How Ulbricht paid ฿100 to learn about `bitcoind -rescan`

I was revisiting Gwern and my research into the Silk Road / Mt. Gox connection, found something very interesting on the '1MR6pXD' address. Oh Ulbricht...
xpost from this post:
Long-time readers may recall that among Ulbricht's problems with developing & running Silk Road, he had problems with theft from his MtGox account: "Silk Goxed: How DPR used Mtgox for hedging & lost big". We identified his accounts and deposits as part of that investigation.
Based on our findings, imposter has found a previously unknown Ross Ulbricht account on the Bitcoin Talk forums, used for tech support with SR1 problems: the user account "kohlanta" (posts), registered 19 August 2012. The name is a reference to a tourist destination in Thailand; Ulbricht was living in Australia around this time and traveled some places, apparently including Ko Lanta. This account must be Ulbricht because (1) who has ฿40,000 in a single address in August 2015? (2) the amount matches up exactly with the big transactions noted in 'Silk Goxed', and kohlanta's address 1MR..Y is the one involved in the Ulbricht withdrawals/deposits. (When he told me about this, I felt dumb - why hadn't I bothered to google 1MR..Y during our 'Silk Goxed' work to see if it had appeared anywhere else online?)
kohlanta's first question concerns the inability to move ฿40,000; this problem was solved by bitcoind -rescan, as pointed out by BT user fcmatt. (You can see he did indeed pay the ฿100 by noting that the amounts shrink by exactly that much.)
We can also see the trial testimony independently confirmed by kohlanta's further questions: questions about using curl, json-rpc, and versioning issues with the wallet.
There's nothing really important here that I can see, but it's interesting to see him panicking over the 1MR..Y, and it's definitely a reminder that Bitcoin addresses are only pseudonymous; once pseudonymity has been broken or damaged, you can continue to follow transactions & addresses to see what you can find.
submitted by impost_r to Bitcoin [link] [comments]

Warning: DrugsList is extremely insecure [x-post /r/DarkNetMarkets]

DISCLAIMER: I have no affiliation with any marketplace. My interest is only seeing a more secure and trustworthy underground drug market. I have reported numerous issues to other drug markets and have had them successfully fixed. I have never accepted payment from any drug market for security services. I am only an interested observer and occasional customer.
EDIT: here is the original thread at /DarkNetMarkets
The Drugslist website makes numerous simple security errors in its implementation, and is completely unfit as an underground drug marketplace storing bitcoin wallets.

Error 1: The PGP error

As drug market users you have likely noticed that it is always reinforced that you should use PGP for all private message. A lot of users struggle with PGP since you have to download an application, learn public key cryptography, learn how to sign/encrypt and manage keys etc. There is a reason why it is complicated, because ease of use and security are a direct tradeoff. Were PGP to be simple, it likely wouldn't be effective.
This is why you have never seen a serious drug marketplace that attempts to implement PGP on the web, or inside a browser - because it is insecure. You can only guarantee the security of PGP and your messages if you use a desktop app.
I noticed yesterday that drugslist was making a huge error and had implemented PGP in a web browser as part of the their drugs marketplace. This is a huge red flag, because not only is it not secure, but it also teaches users that pasting private keys into a web form is ok, when it is far from. Security conscious people spend a lot of time reiterating into people basic security practices and when Drugslist does something like implement PGP in a browser and ask users to paste a private key into a web form, they undo a lot of that security advocacy performed by others.
I'm going to try and explain in the simplest terms of why PGP in the browser is a bad idea, because I explain what Drugslist did:
When you install PGP normally on the desktop - you go to a trusted site and download the package, and almost all PGP tutorials will, as a second step, show you how you can verify that the package you downloaded is the same one the developers signed off on - to guarantee that it either hasn't been backdoored or manipulated on the server, or that it hasn't been backdoored or manipulated in transit to your computer. You only have to do this once, when you install the application. From then on your can use the PGP app a thousand times and be confident that it hasn't been backdoored (there are ways around this, such as a trojan on your system, but it won't be backdoored by the developer).
This is an essential part of establishing the trust relationship between developer and user, you can guarantee that it hasn't been compromised using cryptography (Bitcoin also does this, as does Tor).
When you use PGP in a browser, your browser downloads a new copy of PGP every time you use it, and has no way of checking the signature. Worse, it doesn't even check if is downloading it from the correct server. That means someone could easily insert a backdoor into it, or weaken it, and you would never notice. It doesn't matter how much you check the code the first time you use it, you can't guarantee that it would be the same every subsequent time.
This isn't a hypothetical attack, there are at least two known cases where the US Government has taken advantage of web-based cryptography to read 'encrypted' messages for users: Hushmail and Lavabit. In the Hushmail case users had no idea that Hushmail had changed the code to give the government access. In the Lavabit case, because they were using web based crypto they were also vulnerable to a subpoena, which they ended up receiving when Snowden became a user. This is why web-based crypto is bad, because it can't be protected or guaranteed.
Drugslist present their web-based PGP alternative as a direct replacement for desktop PGP, which is not the case. Web based PGP is never secure.
They place a link to it right above the box where you send private messages:
Don't know PGP? Check out our client-side PGP encryption tool. No data transferred and everything stays on your device!
All throughout the site, in the FAQ, there on the private message box, it mentions the web-based PGP implementation as an alternative to desktop based PGP, which it certainly is not.
Now this part I can't stress enough: to a security professional, this is a very simple mistake - it is something that even a security professional with only hours of experience would know is a red flag. This is like a mechanic pointing out that the tyre in your car is wobbly and about to fall off.
I noticed that Drugslist have this feature yesterday in their thread about their API. I knew very very little about Drugslist at this time, I had signed up a week earlier and then forgotten about it - not even looking at what vendors are there, etc.
Here is the thread announcing the API:
I got to this second paragraph and immediately stopped reading:
Our site now offers, a fully featured API escrow, auto withdraw for vendors, 1% commission payments on any money spent by anyone whom you refer, a fully integrated forum and email system, client side pgp encryption and decryption as well as a very active customer support and development team.
I immediately had to see this for myself - surely they don't mean PGP in the browser, that would be lunacy. I open the site, find the feature - and sure enough they have implemented PGP in a browser using Javascript and are asking users to paste their private keys and secret messages into a web form. This is absolutely unacceptable, especially by a marketplace claiming to be security conscious.
Without reading the thread further, I then write this comment telling Drugslist that they need to change and remove the client-side PGP feature. Drugslist replied quickly, and they partly gave an indication that they understood the issue, but they mainly chose to ignore what I reported.
edit to add, while we were having this conversation despite denying it was a problem every time I went back and checked Drugs List they were adding warnings to the PGP tool that demonstrated they didn't understand the issue. I would check their page and the wording would change to include a warning, I would go back, leave a comment with a counter-point, check their page again and the warning would be updated again based on the comment I left. This shows that they weren't understanding the issue.
What proves it further is the message they have on the PGP page now:
This is in big red writing at the top, and was added after I raised the issue:
While our Javascript PGP implementation is secure, and can be verified by looking at the source code, understand that other websites claiming to have client-side Javascript PGP could be insecure. Be cautious of any site offering client-side PGP. You should always search through the source code looking for Javascript includes, XHR requests and HTML5 outbound data calls.
Note two things here: they are still misunderstanding the issue - there is no way to implement this securely, besides their reassurance. Also note that this is a feature that is supposed to be built for users who find desktop PGP complicated, yet it is asking them to conduct a thorough audit of the PGP code prior to using the tool each time. This is completely unrealistic.
Back on the comment thread, there was also a completely surreal situation where i'm left spending a dozen comments explaining to DrugsList what the actual problem is, since it is clear they don't understand what i'm actually reporting - in the meantime they continue to deny that there is a problem.
I had no idea at the time that this would lead to an hours-long conversation where drugslist would repeatably deny the existence of numerous security issues despite the clear evidence to the contrary.
I went back up to that original post and kept reading about the API. Two lines later and we have another security issue:

2. API Security Issues

I'll keep this brief. The problems with the API are:
  1. It asks you to place your marketplace password in the URL of the API. This is a big no-no, since many applications log URLs in plain text. A URL is 'non sensitive' data and all applications treat it that way, you should not be placing passwords into the URL
  2. The password used in the API is the same as that used in the API, so if your API somehow leaks, the person finding the password can login as you. This is poor design.
  3. The API client makes no effort to authenticate the server, and vice-versa. This means it would be incredibly simple to intercept the data passing between the API client and the API server. Running over Tor only makes it easier, since a lot of Tor configs have misconfigured DNS.
The drugslist response to these concerns is that they 'expect' API clients to know these problems and to use them securely.
I had now discovered a number of basic security issues in reading only two paragraphs of text from Drugslist, and in all these cases the Drugslist user had responded quickly, completely denying any issue or any problem - and dismissing the concern. This was becoming a pattern and it prompted me to look at the history of this user and this drug marketplace, it didn't take me long to find more hits.

Error 3: SQL Injection

I only had to scroll down 3 or 4 previous thread before finding this thread - where a user of reddit had reported an SQL Injection vulnerability to DrugsList.
Set aside for a moment what you may believe about how the person reporting that bug behaved or conducted themselves, because this is a very serious issue.
I could not believe what I was seeing as I scrolled through the screenshots attached. I haven't seen this type of elementary SQL Injection bug for years. This stuff used to work 10 years ago, but you rarely see it any more as most programmers and websites have wisened up to the simplest of SQL Injection bugs.
Make no mistake about this: what is being demonstrated in that bug is the ability to take control of the application and run whatever commands you wish on the database. This means you can take passwords, steal bitcoin, insert your own vendor account etc.
This is the exact same type of bug that cause both Sheep and BMR to be hacked, instead this bug was much, much simpler than either of those
This SQL Injection bug lead to what was now becoming a regular situation - the drugslist user coming in, denying that there was an error, and claiming that the user who found an SQL Injection had only found a 'small bug' and couldn't 'do anything'. He was daring the next attacker to delete/hack his entire site as a way of proving that a bug exists.
This lead to a completely surreal comment thread, the kind I have never really had before, where we have the admin of the drug market along with a mod from the sub trying to convince people that this wasn't a real bug - using terms that are taken from information security, but using them in such a way that makes it clear to anybody who knows the field that these guys have no idea of what they are talking about.
The sheer simplicity of the SQL Injection attack lead me to open up a browser and to go to Drugs Marketplace and to check for myself to see if I could find any other bugs (having a single simple bug on the main page usually means there are more).

Error 4: Multiple SQL Injection Points

Within 3 minutes of checking their app it was clear that both their search page and their product page are not filtering user input and allow a user to tamper with SQL queries in any way they want.
I private message Drugslist and tell him that he needs to take his site down and come clean about the security issues. I've never seen a site like this. A potential hacker with no knowledge of info sec would only require 10-12 hours of learning to take complete advantage of stealing everything from Drugs List.

Error 5: Server Leaking Info

After discovering the two bugs I come to the conclusion that there is no point in testing this further, since every parameter I test is vulnerable.
I look down at my logs and I can't believe what i'm seeing - the server is leaking critical information about itself that would make it simple for a dedicated adversary to trace down not only the location of the server, but the people running it.
This is worse than Silk Road in the early days, where similar output lead the authorities to the location of the Silk Road server.

Error 6: Consolidating everything in one market

The other problem with Drugs List is that in an effort to be convenient they consolidate everything into one website and behind one URL: market, wallets, email, forum and even PGP
Were the market hacked or taken over by LE, they would get everything - your emails, your messages, your PGP (via the web tool). This is why each vendor and buyer should host each of these separately - email should be with one host, wallet with another, marketplace on another, PGP on your desktop - this rule is the same as the 'diversify your holdings' rule in the finance world, you don't want a single point of vulnerability.
There is also a reason why other markets host their forums and their marketplaces on separate URLs, its so that you isolate them from each other. The threat model to a forum is very different to the threat model for a bitcoin drug marketplace - you don't want a bug in the forum leading to a complete compromise of your bitcoin drug marketplace.

Over-marketing and under-delivering

If you look at Drugs Lists claims, they keep reiterating security and how they have hired 'PHD's in math' and 'security experts'. There is no chance this is true. Drugs List has almost certainly been put together by a single person with a minor understanding of technology and almost no understanding of security who outsourced the work of programming the marketplace. It is likely that he has hired cheap offshore labour to build this site using a service like oDesk or Elance. I don't believe his programmers know that what they are building is being used as a drug marketplace.
When I search some of these marketplaces for 'bitcoin escrow marketplace' I get a number of hits for people attempting to hire cheap labour to build such a marketplace. Some of these sound a lot like Drugs List, and that would also match up with how the site has been implemented. This is exactly how SR1 was taken down and I have more than enough information to conclude that were a sufficiently motivated adversary interested in taking down Drugs List, they would likely do so in very short order.
It doesn't matter if you believe that I am out to "get" drugs list or not, there is a pattern in his communication where numerous people have reported security or other concerns to them and they are dismissed. So either all these people reporting concerns are crazy (which would include me, two other techs on the SQL injection thread, TMPSchultz and gwern on the multi-sig thread), or drugs list is negligent with user data and are in way over their heads with operating a secretive bitcoin based underground drug market.
Of the 3 issues I reported to them, his replies indicated that he didn't even understand 2 of them. It took me numerous messages to explain what was wrong with doing web-based PGP, despite their first response indicated that they understood the issue and thought it was ok.
There is a pattern here in how features are over-marketed and then under delivered and sheer negligence with security reports. The question vendors and buyers have to ask themselves is do they really trust their identity and money with someone who is not only incompetent in building a website but in utter denial about there being a problem.
IF YOU ARE A VENDOR OR BUYER: Don't trust me - please, find someone you know who is a programmer or a tech and ask them to take a look at these two threads:
  1. This one where I report the PGP error, which becomes very weird at the end
  2. This thread, where a user reports a simple SQL injection
That is the lest amount of due diligence you should do before using a drug marketplace, especially as a vendor. You will find that even those with a cursory knowledge of programming or info security will find those threads worrying to the point of being amusing.
submitted by the_avid to SilkRoad [link] [comments]

Subreddit Stats: bitcoin top posts from 2016-11-05 to 2016-12-04 23:10 PDT

Period: 29.72 days
Submissions Comments
Total 1000 39770
Rate (per day) 33.65 1317.40
Unique Redditors 635 5193
Combined Score 79721 141041

Top Submitters' Top Submissions

  1. 4004 points, 1 submission: btg643
    1. Excuse me? (4004 points, 293 comments)
  2. 2344 points, 1 submission: AndreAbdel27
    1. What 30$ looks in Venezuela's Currency. (2344 points, 310 comments)
  3. 2000 points, 1 submission: sk221
    1. California just legalized marijuana - a $22 billlion industry can't open a bank account. Bitcoin, here's your chance! (2000 points, 202 comments)
  4. 1378 points, 14 submissions: eragmus
    1. Peter Thiel (member of President-Elect Trump's Transition Team): "It becomes a threat to fiat money at a point where Bitcoin is encrypted in such a robust way that the tax authorities can't break the encryption, can't tell how much money you have, and what transactions you are doing." [x-post] (498 points, 152 comments)
    2. Henry Brade: "Based on new transaction stats SegWit will more than double the #bitcoin tx capacity. And it enables secure LN for real scaling. We need it!" (275 points, 162 comments)
    3. Alex B.: "Back before the block size limit debate was even relevant, @gwern hit the nail on the head. Features are secondary, resilience sine qua non." ['Bitcoin’s greatest virtue is not its deflation, nor its microtransactions, but its viral distributed nature; it can wait for its opportunity.'] (155 points, 135 comments)
    4. An ELI5 on small vs. big blocks, and the importance of node decentralization. (67 points, 105 comments)
    5. SF Bitcoin Devs - Blockstream's Andrew Poelstra discusses MimbleWimble ["Is a blockchain design w/ no script support & blinded amounts. Like proverbial black holes, tx outputs have no hair. This simplicity allows aggressive compaction & aggregation, resulting in much better scalability."] (64 points, 11 comments)
    6. Avtar Sehra (CEO and Product Architect at Nivaura): "Nivaura has been approved by UK regulator to commercially test debt structuring, issuance, and [life cycle management of decentralised debt instruments] settlement on Bitcoin" (50 points, 5 comments)
    7. Bitcoin Core - IRC Meeting Summary (November 10, 2016) (48 points, 8 comments)
    8. The Status of the ‘Hong Kong Hard Fork’: An Update (46 points, 19 comments)
    9. Bitcoin Core - IRC Meeting Summary (November 17, 2016) (39 points, 2 comments)
    10. Bitcoin Core - IRC Meeting Summary (November 3, 2016) (36 points, 0 comments)
  5. 1167 points, 6 submissions: Coinosphere
    1. Marijuana now legal in eight more US States while vendors get more bitcoin options (698 points, 54 comments)
    2. Cell 411 launches decentralized ride sharing in Austin accepting Bitcoin (106 points, 24 comments)
    3. Hacker holds San Francisco railway to ransom, demands 100 bitcoins (98 points, 21 comments)
    4. IRS agrees to major cryptocurrency strategy overhaul following audit (96 points, 22 comments)
    5. Blockchain (most popular) wallet adding an instant bitcoin buying option for credit and debit cards (86 points, 15 comments)
    6. The oldest bitcoin exchange, BTCC, moves into the US market (83 points, 11 comments)
  6. 1085 points, 2 submissions: The_Arctic_Wolf
    1. Block #440,000 was just mined. There are 16 million bitcoin now. (1025 points, 132 comments)
    2. Turmeric launch, Rootstock's Testnet (video) (60 points, 18 comments)
  7. 952 points, 4 submissions: Onetallnerd
    1. Lawyers say they've found signs of a third rogue cop tied to the Silk Road case (768 points, 114 comments)
    2. Segwit Signaling. [Note that those signaling now will not affect consensus until the start of the next difficulty retarget] (75 points, 34 comments)
    3. The Bitcoin Lightning Spec Part 1/8 (63 points, 10 comments)
    4. [bitcoin-dev] Forcenet: an experimental network with a new header format (46 points, 19 comments)
  8. 844 points, 18 submissions: quadrilliondollars
    1. One of the four biggest accounting firms in the world adopts bitcoin! (169 points, 16 comments)
    2. Good news for Bitcoin: Iceland's Pirate party invited to form government. Anti-establishment group receives mandate for power-sharing pact after talks to build five-party coalition fail. (71 points, 5 comments)
    3. India just hard-forked the rupee. (70 points, 15 comments)
    4. Venezuela's currency now worth so little shopkeepers weigh vast piles of notes instead of counting them (68 points, 15 comments)
    5. Gold above 500 gm owned by married women can be seized: Fin Min (India). (66 points, 25 comments)
    6. Andreas Antonopoulos on London Real! (61 points, 15 comments)
    7. Please make your voice heard here. We can request bitcoin support from the next President. (58 points, 22 comments)
    8. IMF approves $12 billion bailout for Egypt after austerity measures including lifting currency controls last week which made the Egyptian pound drop by almost 50 percent against the dollar (43 points, 5 comments)
    9. The War On Cash Goes Nuclear In India, Australia and Across The World (36 points, 7 comments)
    10. (AA) Exponential Innovation - Hackers Congress (33 points, 2 comments)
  9. 831 points, 9 submissions: _smudger_
    1. WOW! China's Huiyin Group Launches $20 Million Bitcoin Fund (274 points, 32 comments)
    2. Winklevoss twins see bitcoin as better than gold. Brothers hope to launch ETF soon (227 points, 80 comments)
    3. India: ZebPay adding 25000 bitcoins customers per month !!! - reports enquiries up 20 to 30% in the past couple of days (108 points, 30 comments)
    4. Another record volume for LocalBitcoins including regional records in Europe,Pakistan,Russia,Saudi Arabia,USA and Venezuela (70 points, 11 comments)
    5. R3 blockchain opens to all (51 points, 59 comments)
    6. Liberland, Bitcoin Utopia: The man who created a tiny country he can no longer enter - BBC News (34 points, 25 comments)
    7. Go India!!! (31 points, 5 comments)
    8. Get voting! (19 points, 2 comments)
    9. China Imposes New Capital Controls; Bitcoin Price Optimistic (17 points, 20 comments)
  10. 819 points, 3 submissions: jmw74
    1. Coinbase pledges to fight IRS request in court (727 points, 242 comments)
    2. IRS requesting info from Coinbase on users transacting 2013-2015 (68 points, 57 comments)
    3. Hasn't segwit activation already failed for this difficulty period? (24 points, 37 comments)

Top Commenters

  1. nullc (3550 points, 273 comments)
  2. luke-jr (1988 points, 276 comments)
  3. Frogolocalypse (1668 points, 555 comments)
  4. bitusher (1587 points, 270 comments)
  5. BashCo (1127 points, 194 comments)
  6. dellintelbitcoin (1039 points, 274 comments)
  7. belcher_ (976 points, 189 comments)
  8. jcoinner (880 points, 208 comments)
  9. manginahunter (853 points, 307 comments)
  10. smartfbrankings (788 points, 184 comments)

Top Submissions

  1. Excuse me? by btg643 (4004 points, 293 comments)
  2. What 30$ looks in Venezuela's Currency. by AndreAbdel27 (2344 points, 310 comments)
  3. California just legalized marijuana - a $22 billlion industry can't open a bank account. Bitcoin, here's your chance! by sk221 (2000 points, 202 comments)
  4. Block #440,000 was just mined. There are 16 million bitcoin now. by The_Arctic_Wolf (1025 points, 132 comments)
  5. "If Trump Wins, here's what I'll do..." User Coincle pledges to give away 25.47 bitcoin to those who commented on his post if Donald J. Trump is elected president. So, where's my bitcoin? by ILikeGreenit (806 points, 355 comments)
  6. Banking in India Right Now by surge3d (801 points, 198 comments)
  7. $12 B worth of the world's currency is uncontrolled and independent from the governments of the world. by ztsmart (795 points, 135 comments)
  8. Lawyers say they've found signs of a third rogue cop tied to the Silk Road case by Onetallnerd (768 points, 114 comments)
  9. Monthly reminder for newbies: The Bitcoins you store on an exchange ARE NOT YOUR BITCOINS - they are an IOU. If you hold a decent amount of bitcoins, please make the intelligent decision NOW to transfer your coins to a secure mobile or hardware wallet that you control. by GabeNewell_ (759 points, 237 comments)
  10. Coinbase pledges to fight IRS request in court by jmw74 (727 points, 242 comments)

Top Comments

  1. 534 points: EgoTrps's comment in "If Trump Wins, here's what I'll do..." User Coincle pledges to give away 25.47 bitcoin to those who commented on his post if Donald J. Trump is elected president. So, where's my bitcoin?
  2. 334 points: SuperPuffin's comment in BREAKING: Trump advisers considering $JPM CEO Dimon for Treasury post
  3. 292 points: AndreAbdel27's comment in What 30$ looks in Venezuela's Currency.
  4. 262 points: Myrmec's comment in Excuse me?
  5. 247 points: jtoomim's comment in Core is the new big blocker. 3.7Mb mined on testnet with segwit.
  6. 216 points: paperraincoat's comment in Excuse me?
  7. 190 points: brokenskill's comment in "If Trump Wins, here's what I'll do..." User Coincle pledges to give away 25.47 bitcoin to those who commented on his post if Donald J. Trump is elected president. So, where's my bitcoin?
  8. 181 points: amnesiac-eightyfour's comment in Banking in India Right Now
  9. 173 points: deleted's comment in Peter Thiel (member of President-Elect Trump's Transition Team): "It becomes a threat to fiat money at a point where Bitcoin is encrypted in such a robust way that the tax authorities can't break the encryption, can't tell how much money you have, and what transactions you are doing." [x-post]
  10. 171 points: butters1337's comment in BREAKING: Trump advisers considering $JPM CEO Dimon for Treasury post
Generated with BBoe's Subreddit Stats (Donate)
submitted by subreddit_stats to subreddit_stats [link] [comments]

FFDK KRYPTO-QUIZ - WIEVIEL WEISST DU ? Fragen rund um Bitcoin & Co. ! FFDK WOCHENREPORT 21 JAN 2018 - IOTA WALLETS GEPLÜNDERT! WAS NUN? Bitcoin auf Erholungskurs? YouTube Erklärung von Xapo Wallet von Bitcoins How we create Bitcoin wallet Wahab tech  #part 1 - YouTube

Eine Bitcoin-Wallet kannst du wie eine ganz normale Geldbörse sehen. In ihr solltest du nur einen kleinen Teil deiner Bitcoins aufbewahren. Wie bei einer realen Brieftasche auch, ist bei einer Bitcoin-Wallet das alltägliche Risiko größer, dass sie dir mal gestohlen wird. Eine Bitcoin-Wallet kannst du entweder auf einem Endgerät (Handy, Laptop, PC…) installieren oder Online nutzen. Für ... Bitcoin is Worse is Better . It appears that you have not registered with Bitcoin Forum. To register, please click here... Similar topics (5) Why the p2pfoundation is paying its salaries in bitcoin? Started by Replies: 0 Views: 3710 March 29, 2012, 12:47:42 AM by Bitcoin Magazine Goes to Print. Started by ... Und noch ein Hinweis: Falls du bereits andere Guides, auf anderen Webseiten gelesen hast und dabei IOTA Wallet Anleitungen, wie das Guarda Wallet und Nelium Wallet durchstöbert hast, lass dir gesagt sein, dass es diese (Stand: August 2019) nicht gibt! Zwar gab es für die Wallets vereinzelte Ankündigungen. Das Nelium Wallet wurde beispielsweise im Januar 2018 durch ein Promo-Video ... Wenn du noch nie ein Bitcoin Cash Wallet von Electrum angelegst hast, dann musst du „Create a new seed“ auswählen, weil dadurch ein komplett neues Wallet angelegt wird. Im nächsten Schritt erhältst du einen „Sicherheitssatz“ den du dir aufschreiben musst, da dein Wallet damit im Ernstfall, wenn z.B. dein Computer kaputt geht, wieder herstellen kannst. Diesen solltest du niemals ... SDr> gwern, here's a shiny new angle for your cryptocurrencies knowledge file: do crypto donations to warez distributors, like work? gwern> SDr: how would that work? they put addresses in the READMEs of their torrents or something? SDr> gwern, specifically eg. scraping Pirate Bay's NFO files for wallet addresses & cross-referencing it with blockchain, is there volume for it, such that ...

[index] [14297] [28263] [39533] [39828] [5865] [38616] [17935] [35739] [4427] [4943]

FFDK KRYPTO-QUIZ - WIEVIEL WEISST DU ? Fragen rund um Bitcoin & Co. !

FFDK Wochenreport 8 NOV 2017 - Bitcoin Cash Rallye - AMAZON Gerüchteküche - BCH Hardfork - Duration: 16:25. Finanzielle Freiheit dank Kryptowährungen 1,900 views 16:25 This video is unavailable. Watch Queue Queue. Watch Queue Queue Blockchain Bitcoin Wallet is the World's Most Popular Way to Buy, Hold, and Use Cryptocurrency. Blockchain is trusted by 55M Wallets - with Over $620 Billion... Simple tutorial for beginners about how to create a cryptocurrency wallet and securely back up Bitcoin and Bitcoin Cash funds. is a cryptocurrency wa... Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.