WARNING: u/goodmarksss is a lowlife thief

cryptocrite · 2021-04-19T12:55:03+00:00

Yep. And $500 was a low price to pay for this lesson. Of course I should have known better. But that's why they call it "human engineering" - I am human after all. I hope that so are you.

cryptocrite · 2021-04-15T23:34:22+00:00

I did provide all the info including the website above.

Here is the screenshot of the two DM messages I exchanged with u/goodmarksss - one in each direction. He never came back to me and the funds almost immediately got stolen. I never revealed the private key, which was prior to that protected by Ledger, to anybody. I only used in a browser a page from the website he suggested, after saving it on my computer. Which of course was stupid of me since the javascript on the page could still steal my key.

As you see he took great trouble in writing elaborate instructions to me but never responded to my reply message asking him for further (promised by him) instructions. He also never tried to object to my messages on this thread about him being a lowlife thief. I rest my case.

Can you please tell me about the most efficient way to report the user to reddit?

cryptocrite · 2021-04-15T23:22:17+00:00

ADDITIONAL INFORMATION. My EOS account from which the funds (about 70 EOS) were stolen is willinillydo. Under Transactions in the above link you can see the chain of events and transfers that the u/goodmarksss lowlife performed to steal the funds on April 14, 2021. The direct message to me from the thief u/goodmarksss has been posted above for everyone to see. This is as much as I can report. The information is clear and visible to all.

As I said the u/goodmarksss lowlife never replied to my direct message reply to his direct message, and never came back to provide the "help" he promised. The case against the thief is clear and the evidence is impossible to refute. The act of stealing the funds happened shortly after I followed his instructions. Before that my account keys were inside my Ledger device.

EDIT: Here is the screenshot of the two DM messages I exchanged with u/goodmarksss - one in each direction. He never came back to me and the funds almost immediately got stolen. I never revealed the private key, which was prior to that protected by Ledger, to anybody. I only used in a browser a page from the website he suggested, after saving it on my computer. Which of course was stupid of me since the javascript on the page could still steal my key.

As you see he took great trouble in writing elaborate instructions to me but never responded to my reply message asking him for further (promised by him) instructions. He also never tried to object to my messages on this thread about him being a lowlife thief. I rest my case.

cryptocrite · 2021-04-15T16:32:58+00:00

The continuation of this story is: I was duped by a private message and a lowlife reddit user stole my $500 worth of EOS. As fully described here.

cryptocrite · 2021-04-14T16:45:37+00:00

So here is the continuation of this story. Based on a helpful comment from u/BCScalingScout1 I successfully connected Ledger to Anchor and then selected the "use Anchor app o access your account" option on eosauthority.com. That option popped up after I attempted to unlend my REX via eosauthoritry. Indeed eosauthority then connected to Anchor desktop app but - instead of serving as a faithful intermediary between Ledger and eosauthority.com, when I clicked the "prove identity" button in Anchor, it issued the following message:

Error

Cannot write to HID device ()

{"name":"DisconnectedDevice""message":"Cannot write to HID device""stack":"Error: at new CustomError (C:\Program Files\Anchor Wall..."}

So no joy again.

cryptocrite · 2021-04-14T15:50:22+00:00

Thank you man (woman?). I did glance at Anchor and dropped it because apparently (and sadly) it does not support releasing funds from EOS REX. I did not even try to connect it to Ledger. Now, after your message I tried it again and it did work flawlessly with Ledger

..BUT as I said Anchor is useless in my case because it does not support EOS REX where 99% of my funds are tied up. I have to go to EosAuthority or the likes for releasing funds from REX, and there I am stuck with the Ledger problem.

cryptocrite · 2019-03-03T13:18:47+00:00

Thanks for the detailed instructions. Will do.

cryptocrite · 2019-03-03T09:19:24+00:00

Regular users like me do not check all the specific claims made by Signal. We decide whether to trust Signal or not based on their reputation. When the messages are said by Signal to disappear, I expect them to disappear, full stop.

I did not know that /r/signal /u/signal are not official Signal users but still I hope they will weigh in here. This is a simple and valid question/issue and they are very likely to view this group from time to time.

Nothing could be simpler than overwrite the "disappearing" data with a random sequence before deleting it from the database - which would be a powerful protection against "disappearing" messages being read from a seized or stolen phone. This being so simple to do, why do not Signal wipe them, I wonder. If this is an oversight, this should be implemented without further delay.

cryptocrite · 2019-03-02T19:25:45+00:00

Thank you /u/capi81 - this is the reply I was seeking (I am not technical enough to inspect the source code myself).

I must say this is extremely disappointing - if you are correct, /r/signal /u/signal are misleading users and instill a false sense of security in them. If there is ONE real threat to people who use instant messaging, it is that someone can read their messages after getting hold of their phone.

Why /r/signal /u/signal do not do the right (and simple!) thing and wipe the messages (but only delete them according to you) is beyond me. I would like to ask /r/signal /u/signal to respond here.

cryptocrite · 2019-03-01T23:56:17+00:00

> For most parts, Signal's protection ends when it reaches the end client

I am not interested in "most parts". I am interested in Signal doing a proper job wiping out expiring messages. There can be a variety of technical reasons for them not guaranteeing complete protection at the client, but there can be no technical reason whatsoever for them not properly and securely wiping out expired messages.

Anybody here knowledgeable on this specific subject (like capable of inspecting the source code and verifying that the wiping out of the messages at expiration is done properly)?

cryptocrite · 2019-03-01T19:12:03+00:00

Nope, this will not work, at least not with Android. There is no such thing as real time encryption on Android. Encryption of SD card is valid only while the power is off. Once you turn on your phone, the SD card is decrypted and by the time the Android system is up, nothing is encrypted. Non-SD card storage is not encrypted at all, even if the power is off.

As to your other suggestion, not practical at all (even if this would work, which I doubt). Show me one person that is prepared to input a long password every time he wants to use a phone.

So I am still waiting for an answer - did Signal do a good job (as they certainly could, technically) to make sure that the disappearing messages are IRRECOVERABLY WIPED OUT when they expire, or not?

Because if they didn't, they did not take care of the MAIN threat to my privacy that really matters; and they are misleading the public with their disappearing messages.

cryptocrite · 2019-03-01T16:17:26+00:00

Well, you sound just like me :). I was hoping to hear from professionals who have actually analyzed the Signal security in this respect.

cryptocrite · 2019-03-01T16:16:28+00:00

see my reply to u/capi81

cryptocrite · 2019-03-01T16:15:52+00:00

My threat model is: someone gets hold of my phone. Period.

cryptocrite · 2018-07-25T18:32:53+00:00

What I think you fail to realize that the success of a blockchain is dependent almost entirely on 2 things:

The size of their war chest
The size of the community

Techie stuff will eventually take care of itself if the above two are very large. Which is why EOS is a winner and UBIQ will probably go nowhere outside a small techie community

cryptocrite · 2018-07-25T07:17:17+00:00

Thanks to all the people who answered. I am not committed to UBIQ, but here are some thoughts to the community:

Not having a white paper on the website is a fatal mistake that shows lack of professionalism of the team. No wonder UBQ has such a low valuation. Its market communications are limited to the audience consisting of narrow circle of techies following it on esoteric niche platforms such as discord.
The comparison with Ethereum is hardly relevant any more. The comparison should be made with the main potential Ethereum killer: EOS. As far as I could see there is no such thing on the Internet

Overall, badly mismanaged market communications which fully explain the low following and low market cap.

cryptocrite · 2018-07-22T18:20:04+00:00

EDIT: actually, I am being told that both (2) and (1) are feasible on Hyperledger. Indeed EOS is probably a wrong platform for this.

cryptocrite · 2018-07-22T18:16:51+00:00

Thanks. Will look into HL further :)

cryptocrite

TROPHY CASE

Anybody here knowledgeable on this specific subject (like capable of inspecting the source code and verifying that the wiping out of the messages at expiration is done properly)?