Proposals Scam Prevention - $80,000.00 Gone #1644

Closed
litepresence opened this issue Mar 10, 2019 · 8 comments
Labels
0 Question Notification that Issue has an open question. Please reference open question within Description

Comments

@litepresence
Contributor

litepresence commented Mar 10, 2019

I think we've all seen it coming. Here it is.

Proposals lacks a metric of trustworthiness, this needs a technical solution. I don't know what it is, but this outcome was predictable as a consequence of the code base in light of human nature, yet unacceptable from both moral or business perspective.

This needs to stop.

Richard Hanna, [09.03.19 22:08]
anyone- asking for your help... 
maybe wrong forum but my bitshares account got hacked 
and someone stole 2,000,000 BTS... im devastated...
the thief account name is:  joouwoo3c...what can i do?

Krista, [09.03.19 22:20]
[In reply to Richard Hanna]
It looks like the newest part of a scam to update account data ....
did you click on a proposal?

Richard Hanna, [09.03.19 22:22]
im not sure, i may have, i only check in every couple months... 
how would i know?

Krista, [09.03.19 22:22]
What is your bitshares account name?

Richard Hanna, [09.03.19 22:22]
rwh-9164

Krista, [09.03.19 22:22]
One second

Krista, [09.03.19 22:23]
[ Photo ]

Krista, [09.03.19 22:24]
See this ?? They proposed and you accepted

Richard Hanna, [09.03.19 22:25]
OMG i had no idea what that was all about 
i thought it was a security enhancement... 
what can i do? i want to kill my self

Krista, [09.03.19 22:26]
Oh no, don't do that *hugs* 
that is exactly what they wanted you to do 
was to think it was legitimate

Krista, [09.03.19 22:26]
There are a ton of accounts that run this scam

Richard Hanna, [09.03.19 22:26]
is there any way to claw it back?

Krista, [09.03.19 22:27]
I would consider that account not secure...
make a new account and transfer what is left there...

Krista, [09.03.19 22:27]
I'm not sure what bitshares is doing to combat this if anything

Krista, [09.03.19 22:27]
But if you find out I would love to know

Stefan, [09.03.19 23:55]
[In reply to Krista]
The recent UI update 190227 
needs double checking to see the approve button, 
with a warning hint.


@litepresence litepresence changed the title Proposals Scam Prevention - $800,000.00 Gone Proposals Scam Prevention - $80,000.00 Gone Mar 10, 2019
@litepresence
Contributor Author

litepresence commented Mar 10, 2019

WHITELIST

Bhuz, [10.03.19 13:58]
What about adding a whitelist for proposals? How hard would it be and how would that impact legit business?

I think just having a whitelist on proposals make both sense and potentially solves the majority of scams without really affecting legit business that may want to use proposals

For whitelist on proposals I mean a user defined list that contains account names that are allowed to create proposals for the account in question

Cons I see is more RAM needed for consensus witness node, probably need to set a hard limit on the list length

Christopher Sanborn, [10.03.19 15:40]
I like this idea. Vast majority of users don't need or expect others to propose transactions on their behalf. Those that do, could/should take steps to enable it.

@litepresence
Contributor Author

litepresence commented Mar 10, 2019

NAME REGULATION

litepresence, [10.03.19 14:07]
another thought is to regulate any account name with "BitShares", "security", "open-ledger", "rudex" and disallow accounts with specific words in them from proposing transactions. kind of like how in most countries the word "bank" cannot be used by anyone except a state approved bank. eg Australia: "APRA limits use of ‘bank’, ‘banker’, ‘banking’ and ‘ADI’, and by extension words or expressions with like meanings (such as ‘banque’)."

Bhuz, [10.03.19 14:38]
Not really feasible imho

It's hard to define what names need to be "regulated", it's hard to defend from similar/misspelled names, it's hard to update such a global list

@litepresence
Contributor Author

litepresence commented Mar 10, 2019

DELAY TRANSFER WITH OPTION TO REVERSE

What about any funds that transfer via proposal move to some type of "vesting" balance and are non accessible for some period and there is option for reversal/refund within 24 hours. Is this possible?

@litepresence
Contributor Author

litepresence commented Mar 10, 2019

P2P SOCIAL CREDIT SCORE

Is it possible to know percent of proposals accepted/denied by this user?

Would it be possible to have some form of rating system like you do at ebay where post transaction you rate the other party?

@abitmore
Member

I don't think this discussion belongs to this repository so far. If you think the behavior of bitshares-core should be changed, please discuss and/or propose your solution in https://github.com/bitshares/bsips and get it voted. If you think which UI should take care of it, please submit issues to corresponding repository.

@litepresence
Contributor Author

UI LEVEL FILTRATION

Stefan, [09.03.19 23:55]

The recent UI update 190227
needs double checking to see the approve button,
with a warning hint.


One first step could be to allow the UI to use an on chain whitelist on top of hard-coded scam account names to allow swift react
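
One way a wallet could apply the filtering discussed in this thread (a user-defined proposer whitelist with a hard length cap, checked after a hard-coded scam list), as an added example that is not code from bitshares-core or any BitShares UI. The data shapes, the cap of 16 and every account name below are assumptions made for illustration.

```javascript
// Added illustration: data shapes and names are assumptions, not BitShares APIs.
const MAX_WHITELIST_LENGTH = 16; // assumed hard cap on the list length
const KNOWN_SCAM_PROPOSERS = new Set(["example-scam-1"]); // constructed entry

// Normalize a user-defined whitelist and enforce the length cap.
function buildWhitelist(names) {
  const unique = new Set(names.map((n) => n.trim().toLowerCase()));
  if (unique.size > MAX_WHITELIST_LENGTH) {
    throw new RangeError(`whitelist exceeds ${MAX_WHITELIST_LENGTH} entries`);
  }
  return unique;
}

// Decide how a wallet should present a pending proposal to `account`.
// Returns { action: "hide" | "warn" | "show", reason }.
function classifyProposal(proposal, account) {
  const proposer = proposal.proposer.trim().toLowerCase();
  if (!proposal.requiredApprovals.includes(account.name)) {
    return { action: "hide", reason: "approval not requested from this account" };
  }
  // The scam list wins even if the user whitelisted the name by mistake.
  if (KNOWN_SCAM_PROPOSERS.has(proposer)) {
    return { action: "hide", reason: "proposer is on the scam list" };
  }
  if (!account.whitelist.has(proposer)) {
    return { action: "hide", reason: "proposer is not whitelisted" };
  }
  // A whitelisted proposer still gets a warning for account-data changes,
  // the kind of proposal the scam in this thread relied on.
  if (proposal.operations.some((op) => op.type === "account_update")) {
    return { action: "warn", reason: "proposal changes account data" };
  }
  return { action: "show", reason: "whitelisted proposer" };
}

// Constructed sample data.
const account = { name: "alice-example", whitelist: buildWhitelist(["Partner-Example"]) };
const sampleProposals = [
  { proposer: "security-update-example", requiredApprovals: ["alice-example"],
    operations: [{ type: "account_update" }] },
  { proposer: "partner-example", requiredApprovals: ["alice-example"],
    operations: [{ type: "transfer" }] },
  { proposer: "partner-example", requiredApprovals: ["alice-example"],
    operations: [{ type: "account_update" }] },
];

function classifyAll() {
  return sampleProposals.map((p) => classifyProposal(p, account).action);
}
```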

@litepresence
Contributor Author

I don't think this discussion belongs to this repository so far. If you think the behavior of bitshares-core should be changed, please discuss and/or propose your solution in https://github.com/bitshares/bsips and get it voted. If you think which UI should take care of it, please submit issues to corresponding repository.

I really don't know what should be done. I do know something should be done on technical level. This is a gaping hole in the legitimacy of the platform; we cannot have new users randomly getting scammed for large sums of money. The subject needs to be fleshed out as to what is and is not possible from technical perspective to mitigate this risk.

If you'd like me to move to bsips that's fine.

@litepresence
Contributor Author

bitshares/bsips#154

@litepresence litepresence reopened this Mar 10, 2019
@abitmore abitmore added the 0 Question Notification that Issue has an open question. Please reference open question within Description label Mar 23, 2019