Remove the Ruling Holding Hacked Victims Liable for Refunds on Forums without 2fa

Suggestion is in the title, I cant imagine anyone has a big disagreement with this considering we are ALL liable of it potentially happening.

The suggestion is to no longer require victims who were hacked and scammed people off-site to refund those scams if the forum does not offer 2fa.

As you all know, I came very very close to almost being railroaded and refunding people without a sythe PM, this issue aswell has become a legitimate worry for me and I think potentially everyone else to.


I feel uncomfortable thinking at any moment in time my osbot,powerbot,etc(there are ALOT of others, I just don't want my competition to be aware of them) could be SE'd away from me or hacked and used to scam huge amounts, these forums DO NOT offer 2fa protection.


It seems ridiculous to me for sythe to hold those users accountable when its not even possible to 2fa and protect your account.


I'm FINE with forums with 2fa having to be refunded, but if a forum wont properly allow us to secure our accounts, why should we be responsible to issue refunds?

It's not always someones fault when their hacked, and even if it is, its dumb to require them to refund people when they don't even have the option to secure their account on that forum properly.


It's THAT FORUM'S fault, NOT the person's.


I can 100% guarantee the vast majority of hackings then off-site scams occur because THEY DONT OFFER 2FA PROTECTION.

 

The forum cannot verify whether or not your accounts were hacked. Believe it or not, it's not an easy task to hack into a Sythe and Skype account. The user must have some pretty weak security. Skype has 2fa protection in place. When a situation appears in which a user had all of his accounts compromised, then that person wasn't protecting his information correctly; so they are not allowed to complain that Sythe doesn't have a 2fa if they don't practice security in other forms.

The staff has no real way to verify you were hacked. Therefore, they are already giving you the benefit of the doubt by giving you the ability to give the scammed user their refund. This is to benefit you, hoping you were a victim in the situation. If you were not the victim, and in fact screwed up a scam, then you are given an opportunity to scam a bigger target.

With that said, I would agree that adding 2fa to Sythe would beneficial to the community.

Support for 2fa.
No support for revoking compensation for scammed users.

 

No support because the people who refuse to 2fa/can't 2fa scamming a big trade because the other party didn't ask for a PM outweigh the amount of accounts hacked via SE.

An extreme no support seeing as it is coming from exactly the type of party that would want this.

 

Your opinion is pointless, yes the staff and the forum can verify if you were hacked.

There's already 2fa on sythe, and it sounds like u have experience hacking accounts?

 

are you high mang? sythe already has 2fa

 

Arcus gold was hacked on osbot in the past and had to refund something like $2,500.

What are you going to do if someone hacks ur osbot and u owe $2,500 to just be UNBANNED because you cant 2fa, I bet you'd change your tune real quick.

 

That does not happen really often, but I understand why you're scared. I'm scared too when it comes to hacks.

So, Ill support only under certain conditions:
1. It's clear that he was hacked. The forum' staff confirms it. They ruled that the user did not have to repay the victims.
2. He did everything he could to secure his account on the forum. Even if the forum doesn't have 2FA, you need to try to be safe.
3. Staff discussion on the case/user in question.

Easier than you think apparently. A lot of people get hacked on Skype, even with 2FA. 2FA probably helps a lot, don't get me wrong, but it's not 100% as secure as you think.

 

I'm pretty sure this ruling is Sythe specific. The ruling which you're talking about is resolving offsite bans if it has to do with scamming/owing money. If the ruling on a different site is that you must pay due to you being hacked, then you would have to pay it to return here.

 

I'm basing my response off the original post. After reading his post, he makes it sound like Sythe does not have 2fa. Now that I'm re-reading the OP, I realize he means off-site places.

Then I misunderstood your original post regarding 2fa. My apologies.

Checking the IP address isn't verification that you were hacked. Not in the slightest.

I don't have experience hacking accounts; I'm just a CS student about to graduate with my bachelors. After taking multiple "hacking" related courses (Ethical Hacking, Information Security, etc.) and having at least common sense, I can understand basic security policies that people should follow.

You're saying that my opinion doesn't matter, but at the end of the day; who's opinion does matter? You seem like you're in a pickle and creating a thread to get out of something you don't want to do because the staff already disagree with you. We are in the "Our Community" section, and I am a part of the community.

 

>staff disagree with me

>the one staff on the thread supports this idea

>Still don't understand

 

I'm posting this because Kiro told me to so he could post a longer explanation of what he means.

 

We could be using a Sythe chat room, but apparently people enjoy using an insecure method of communication. Hopefully my suggestion gets approved or considered via my suggestion thread. You are right that it isn't completely secure, but it is difficult to hack a Skype account. It should be nearly impossible for someone to brute force because long-time community members should know the risk of people wanting trusted Sythe accounts. Other methods of breaking into Skype accounts should be fairly complicated and solved by 2fa. If someone is capable of breaking into a Skype account that has 2fa and an appropriate password, they would be doing it repetitively to staff members all the time. Keep in mind, this is just my opinion.

I'm under that assumption because you posted this thread. You should wait until after the staff determine your fate, then post this thread.

If you are relying on the community to support your idea and get you out of your pickle, then my opinion should matter.

Anyway, I'll reiterate my position because I misunderstood your OP at first.

No support.

 

No support. You are responsible for safe practices online. If you can't manage to keep your accounts safe then you should be held liable. This suggestion honestly doesn't make any sense.

You take a risk losing an account any time you open a new one up on another forum. If you can't handle the risk, don't make accounts on other forums.

 

This is a conflict of rulings that sort of intersect each other, at least from what is being suggested here.

From my understanding, you're suggesting that off-site forums which lack advance security (2fa) should be exempt from having to pay back the victim of the hacking.

This is where the problem lies:

The ruling of having to pay back victims if the account compromised was not 2factored is a Sythe specific ruling to combat the multiple exploits in website security. This isn't something that is applicable to other websites. You must take into account the software the website uses and it's rules regarding hackings. The other ruling is resolving offsite bans that are associated with scamming/owing money before being able to return here. One could say that this is to prevent/mitigate the potential risk that person may be to the community, or you could say this is universal moral etiquette that should be exercised no matter where the incident takes place on the internet for the sake of consistency.

By deciding to let users back who are in specific incidents like this barring the rulings of the website where the incident took place, it shows a level of impudence towards the victim of the hacking, and it also discourages resolving the issue on that specific website.

Let me ask you this. Are you able to prove that you haven't done anything to increase the risk of potentially getting hacked?

 

It's a crappy situation, but when it comes down to it, either the merchant or the customer is going to lose out in the situation. Holding the merchant accountable is the lesser of the two evils because less people get affected and only their account security is in question (can't do much about DB leaks though).

No support.

 

Just curious, at what point is it the forums fault for not being able to secure their members?

If a database leak happens or mass accounts are hacked and 15 major sythe members all get banned for scamming $5k each on osbot, is it the forums fault then?


Why are all of us taking liability when OUR SECURITY is THE FORUMS issue, not OURS.

THEY should be the ones offering ways to protect US, yet were protecting them by taking all the liability.

seems rather unreasonable?

Why are we all going to have to potentially pay for THEIR lack of security?

 

I see where you're coming from, wasn't there a large database leak a couple years back in around 2011?

 

Osbot suspected a DB breach within the past 3 months, HF has had one within the last week, the owner of HF offered $1k btc for the exploit to be told to him.

Many many other forums have also been compromised and still are.

 

Yea, I totally agree with you on that part. That's why I edited my post when I saw yours. I just didn't think of it at the moment.

With all my conditions, I basically support this only if the Staff from the other forum confirms it was a hack & let him unbanned. They know what's going on on their forum & if they decided that the hack won't have to be refunded, then I don't think we should force him to refund the users to come back on Sythe.
*And if it's suspicious, then we discuss (as I said in the conditions).

I think we're on the same page. It's just the way I wrote it that might've been confusing.

 

I don't use any other forum so this probably won't affect me, but if you've done everything to secure your account and you still get hacked then there's no reason why you should be forced to pay back the victims.