Bitcoin Private and Cloak Cryptocurrencies

There is a huge emphasis on privacy with a lot of new coins but I do feel that a lot of coins focus on a single issue and leave the overall business and usability aspect out.  How do these newer coins fare?

Cloak

My first impression is why doesn’t the non-www version work while the www version does?  Does their team not know how to properly configure nginx or is it just a simple mistake and oversight?

Cloakcoin.com-Forbidden-ConfigError

They call their encryption ENIGMA which I am not sure is a joke or if they aren’t aware of the ENIGMA encryption box in Germany that was compromised during WWII?  I would more so be worried that it is a read between the lines joke or a hint that the team is doing something more than they claim?  Sorry but I just can’t get over the fact that they would not know about the Enigma box from Germany that was decoded.

For my second point I do like the privacy aspects but this is where I have concerns.  On one head they tout privacy, but then to have more privacy they obfuscate transactions by using other clients wallets?  Why would you allow a third-party and random strange to process or handle any part of the transaction?  I do realize they say it is fully encrypted and obfuscated so the random third party stranger on the network shouldn’t know anything about you or your transaction, but to me it violates the principle of privacy and security.  It reminds me of how everyone believed the TOR network is a good idea and secure, but in reality whoever runs an exit node can spy on other users, including the NSA.  This architecture of Cloak makes me worried that a vulnerability could be found and that privacy could be worse than most other Bitcoin-style coins.  Even if a simple vulnerability was not found, you are essentially passing private information to random strangers on the network, the NSA or other large funded organizations could use this to spy on other users or even perhaps modify transactions and create chaos on the network.

I also find it confusing how they say it is private but you have to enable “ENIGMA” on top of “Cloak Shield” to truly make it private?

Here are the parts I’ve picked on from their website:

Alice’s Cloak wallet then automatically sends a request to the network for other Cloak wallets who have elected to become ENIGMA mixer nodes to obfuscate her transaction. All of this is done privately and securely throughout with no identities or true IP addresses revealed.

Bob has cloaking mode enabled in his wallet and the wallet generates a secure CloakShield encryption channel for communications with Alice’s wallet. Bob’s wallet sends Alice a secure connection, containing encrypted inputs and outputs to commence the transaction.

With this confirmed, Alice, with full anonymity, creates an encrypted ENIGMA transaction containing her true inputs and outputs and Bob’s cloaking (obscured) inputs and outputs. Bob and Alice both sign the ENIGMA transaction before it is submitted to the network for inclusion into a PoS block.

Going back to the concerns I have above, I really don’t like how Alice’s wallet would ever communicate with anyone other than the receiver or the Cloak network.  By introducing Bob, there is the chance that Bob could decipher and identify what Alice is doing.  Of course that’s not what should happen, but I believe it is a huge security whole to involve random third parties in confirming or obfuscating transactions.  The situation reminds me a lot of the vulnerabilities in the TOR network.  Essentially Bob is like an exit node, running transactions for Alice.  Bob shouldn’t know who Alice is or what she is doing, but what if there is an implementation error or other issue?  This could be avoided by not using any random third party.

I think Cloak does a great job but they’ve actually introduced a huge security hole by doing the random, third party, processes the transaction part.  It would be like saying “my data is encrypted so I’ll send encrypted copies to everyone”.  Sure it is encrypted but if someone can ever hack your encrypted data either through bruteforce or an algorithm/implementation error then you are done for.  The best solution is to never send private and sensitive data to an extra, third party.

I do think the Cloak project has worked hard and it has some great ideas but aside from privacy and what I believe are security holes in how they implement it, they have done a great job but it is not a coin that does everything right.

Bitcoin Private

For those who know me, I am very much against forks.  As I’ve stated before they decrease, value, lead to scams and confusion.  This can be evidenced with Bitcoin Gold regardless of who you believe was responsible.  Right off the bat Bitcoin Private is warning of scammers trying to confuse you with a warning on their website.

BitcoinPrivate-BTCP-Scam-Private-Keys

The problem with these types of coins, hardforks or what I think are really counterfeits is that you need to give up the very “private keys” of your real, valuable Bitcoin to claim the “new counterfeit coin”.  This is a huge security problem, regardless of who made the wallet what if the wallet is designed or hacked to maliciously steal your real Bitcoins?  There is no easy and secure way to claim your coins from these counterfeits.   Once you give up your private keys to Bitcoin Cash, Bitcoin Gold, Bitcoin Private they could steal your real Bitcoins.

Now there is a way around it, you could transfer your coins to another wallet but it’s a huge pain and a mistake could cost a novice user all of their Bitcoin.

Now in all fairness I appreciate this team at least has official wallets ready for download, unlike Bitcoin Cash.

Users who have the currency called “ZClassic” are also involved here, which is also another confusing fork of ZCash.

This is what I mean about all of the confusion.  It creates an environment where holders and buyers are easily confused about which is the real “Bitcoin”, which is the real ZCash.  And really, I can’t see any reason why people are forking except as a cash grab and counterfeiting spree.

For this reason I don’t trust Bitcoin Private anymore than I trust the other forks (although I trust Bitcoin Gold the least).  I personally feel there is no good reason to trust any of them.  If they want to make a new or better currency they should really just make their own, or at least copy it under a new name.  But of course forking, creates unwilling participants and owners of the new currency, while enriching and rewarding the hardforkers for their counterfeiting.

For those reason if I had to pick between the two, I think Cloak has our best interests at heart and hardforked coins are just a scam, counterfeit and cash grab by unscrupulous people.

Nano AKA Raiblocks XRB and Bitgrail Scam $150M Lost!

A good friend of mine asked me about Nano and I honestly haven’t paid much attention to it.  I didn’t even know what it was until I realize it was recently rebranded from Raiblocks (XRB).  That alone set off alarm bells, aside from it being confusing I suspected there must be more of a reason.

The technical side is impressive although I haven’t used it, they have this block-lattice technology which doesn’t use traditional PoW mining.  It confirms transactions individually between two wallets instead of the entire blockchain.  This is a huge plus but the weakness is that they only seem to focus on transaction speed.  The algorithm described that seems to automatically allow successive transactions to be confirmed sounds dangerous.  I may be missing something from the implementation but it sounds like a potentially vulnerability that an attacker could use after doing a transaction with you.  In addition they still use a public ledger so essentially they are solving the transaction speed alone but they may also have introduced a huge attack vector and vulnerability.

They do have some interesting features such as instant transactions and being infinitely scalable.  But I take issue with any team claiming anything is infinite.  To infinitely scale there would have to be infinite computing resources available which there are not.  It could just be marketing but this stuff does catch my attention.  Combined with the timing of their rebrand and a lot of insider trading and selling I am very skeptical of this team.  At the very least, hiding from the Bitgrail fraud by renaming just before the news broke doesn’t seem honest at all.

I think we have it here straight from their own blog.  I believe the Raiblocks team knew of a massive fraud about to go down with Bitgrail well before they let on or claim to have known something was wrong.  I am not saying they were involved but the timing of their re-branding is extremely suspicious.

This is because on January 31st they suddenly announce the rebrand to Nano.

Raiblocks-Rebrands

Then just 8 days later the Bitgrail $150M loss of XRB happened.  As you will see from the Raiblocks own timeline it appears they were possibly aware for weeks or months that something was going down.

Raiblocks-Rebrands1

The Raiblocks own timeline seems to imply they were aware of issues for weeks if not months before.   It does not mean they were directly involved but it gives the appearance that for publicity and to shrug off this massive fraud associated with their project they rebranded just before things hit the fan.

Raiblocks-XRB-ScamOn 10/19 – 2017 it is not clear if Raiblocks knew about the suspicious transaction but they definitely did in February.  Being under maintenance for no good reason to withdraw is always cause for concern on January 8th.  I am sure when the Bitgrail owner left the joint Telegram channel for Raiblocks they knew something was very amiss on 2018-01-25 (6 days before the rename and about 2 weeks before the public announcement of fraud).  I find this timing to be highly suspicious, it reminds of the Bitcoin Gold scam and I have no confidence in this team or currency because of that alone.

Bitgrail in March 2018 has gone on to make a statement claiming they are reopening and that they insist there is a flaw in Raiblocks that caused the theft.  Of course both sides may have motivation to blame the other.  In all fairness at least Bitgrail has pledged to offer some ERC20 tokens they are creating and that users will have access to all of their coins upon reopening (aside from the lost XRB of course).

Cash Fund dedicated to the victims of the NANO theft In view of the forthcoming reopening of Bitgrail.com (we will soon announce the exact date), BitGrail srl intends to inform its users of the details of the soon to be established cash fund dedicated to NANO owners, victims of the theft that was communicated on February 9 2018. Prior to that, a premise concerning the suffered theft and Bitgrail's obligations arising from the theft itself. BitGrail S.r.l intends to stress having been subject to theft, a crime made possible by taking advantage of faults in the team NANO's softwares (rai_node and the official block explorer) and therefore, for these reasons and in accordance with the law, it is not in any way responsible for the situation. We confirm that an investigation led by the legal authorities is underway The purpose of the investigation is to shed light on the theft, therefore we have already provided all the useful elements in order to reconstruct the facts, including the evidence concerning those involved in the fraudolent activity, who took advantage of the vulnerability of NANO's software, thus not Bitgrail's. Those grounds are alone sufficient to relieve BitGrail S.r.l of any refund obligation and/or repayment of the stolen amounts. However, as further demonstration of the good intentions and seriousness of the company, in order to meet its users half-way though without recognition of any liability, BitGrail S.r.l intends, on a voluntary basis, to establish a cash fund (by creating a token) dedicated to the users damaged by the theft. Doing so, they'll be enabled to recover their stolen funds over time. We must specify that, since they are not victim of the theft, users that didn't own NANO will have full access to their coins at the site reopening. (all the coins are safe, apart from XRB). Token BGS (BitGrail Shares) A new token (BGS, BitGrail Shares) is already present on the wallet page. 15.6 MLN of them have been distributed in a 1 to 1 ratio with the stolen NANO. The users who have been damaged by the theft (Meaning solely and exclusively all the NANO owners on Bitgrail) can already see their 20% updated XRB balance and, at the same time, the remaining part (80%) converted into BGS. Access and ownership to/of the BitGrail's token is granted only to users who will accept the settlement agreement, as stated in the next point. The new BitGrail Shares token will have its own market on Bitgrail's platform. It will be possibile to trade the token, but not deposit it or withdraw it. It is not excluded that the abovementioned token could be converted into an apposite cryptocurrency, thus enabling withdrawal and deposit. The first of the month BitGail will use the 50% of the previous month trading fees income in order to reacquire the BGS token, proportionally among the users who have them in their Balance. The tokens' buyback will occurr at the fixed price of 10.5 $ per unit (in Bitcoin), considering an average of BTC/USD pair among various exchanges ( Bitfinex, Binance, Bitstamp...) As said, it will be possible to trade BGS on the platform. Users who own said token will be able to buy and/or sell at a different pricing from the one required for the buyback. Doing so, users will have the chance of liquidating their BGS in advance, whenever there is an adequate market situation with the desired price. Any amount that can, in case, be recovered from those who have perpetrated the unauthorised withdrawals (therefore materially in the availabilty of BitGrail S.r.l) will be immediately destinated to the tokens' owners up to the extent of the pro rata sums subracted from the damaged users. (with value of 10.5$) Agreement with the users With the reopening of the site, the use of the platform for the victims of the theft will be bound by the signature of a settlement agreement. The latter will be characterised by an expressed renouncement from the users to every type of legal action, and will have to be formalized through the compilation of a form. The last will have to be printed, signed and uplodaded with the attached documents. Such renouncement will allow the availability of the BGS tokens above described. In denegata hypothesis, subjects who won't accept the settlement agreement will have no alternative except for the account termination in compliance with the TOSs. Extra UE users As already anticipated in the past, BitGrail won't be able to guarantee the trading to the extra UE users for a limited period of time. Our intention is to reopen the access to the whole world as soon as possible. Extra UE users will be able to deposit and withdraw. The BGS token buypack will also be available. Implementations of the platform With the purpose of guaranteeing a faster execution of the plan concerning the purchase of the tokens owned by the victims of the theft who have accepted the agreement, BitGrail S.r.l. will immediately work on the implementation of the site, focusing on: Markets/pair increasing by adding other criptocurrencies Interface and charts improvements an APP for smartphone / tablet the realization of a referral link system A voting system based on the BGS tokens for the list of new emergent criptocurrencies will be implemented. Thanks for the attention. Bitgrail S.r.l.

It’s hard to know for sure what has gone on in this case.  But this week XVG (Verge Coin) was hacked due to a flaw in how coins are mined, and something similar with Cryptonight for Monero and Bytecoin was also disclosed recently.    Who is to say that the Coincheck NEM issue also wasn’t due to a similar but unknown or undisclosed flaw?

Videoblocks.com Scam Review Complaint

I don’t know why but I’ve never encountered so many online scams in my life!  Gone are the days where things were fairly normalized and most online stores and sellers were generally honest.  I thought these tactics were a thing of the past in the wild wild west of the web but in comes videoblocks.

They seemed good enough and their offer was reasonable at $149 USD/year for unlimited downloads to their footage.  This was confirmed on their main site and screenshots during the offer.

Videoblocks-scam

A few days later I received this e-mail from them saying they will randomly bill me for some trial I didn’t agree to in 2 days!  Also note there is no information on how to stop the billing.

Note the timestamp is on 2018-03-09

Videoblocks-scam-billingemail

However on the same day they billed me (apparently 2 days means the same day to them)! To be clear I didn’t signup for any trial or authorize any further billing!

Videoblocks-scam-billing

I immediately fired off an e-mail telling them what I thought about being billed without my authorization or knowledge.

Videoblocks-scam-billing-email

There was never any mention of this during my signup but I am told it is crammed into their TOS.  This is clearly deceptive and a scam in my opinion.  Even though I responded to the e-mail right away telling them I didn’t agree to it they are still trying to steal my money!

I’ve included the response from Videoblocks.com below.

Leigh Harrison
Subject: Fwd: Re: Thanks for taking your membership to the next level Areeb!


Rick Jernigan replied:

 

The problem with their response is that I didn’t agree to anything they signed me up on their own for some bogus trial I wasn’t notified of and then instantly billed me.  There was no mention of a $198/year package anywhere on their signup form or their website at all.

Because of this I don’t trust them and I will never use them again and sure hope they don’t charge my credit card again for some other random services or trials that I didn’t agree to!

There are also numerous complaints identical to mine on this issue: https://www.ripoffreport.com/reports/videoblockscom/reston-virginia-20191/videoblockscom-footage-firm-deceptive-free-trial-reston-virginia-717040

Neo, the Ethereum Competitor from China. How does it stack up?

Some friends have asked me for my thoughts, I admit I haven’t paid much attention to Neo myself but I am happier with this project, the team, architecture, planning and thought that has gone into it.

First of all, Neo, in my opinion has the technical superiority and is the better and faster coin to use everyday.  It has similar features such as the digital asset/smart contract option and API.   Neo is based on C# basically the fastest and most efficient programming language.  Ethereum is based on my arch nemesis, Java which I’ve always found to be efficient, slow, buggy and riddled with security issues (which is one thing that makes me very nervous about major bugs or hacks impacting the Ethereum network and blockchain in the future).

My belief is that because Neo is seen as Chinese based that it has scared away investors and this is the only reason why we see Ethereum as #2 or #3 in terms of market cap.  Neo is not far behind and if more attention and awareness shifts towards it I believe it’s only a matter of time before it overtakes Ethereum.

I’ve also seen much more evidence that the Neo team cares about the community by actively participating in discussions.  By comparison I can see endless complaints about issues that the ETH community has on their own forums with seemingly no response from the team.  Another factor is that the NEO team seems to be a professional and experienced team.  The ETH founder is only 18-years old and originally from Russia (nothing against Russia I am long there and we have many wonderful clients from there and around the world!).  I am highlighting that both teams are overseas but the fact that Neo is entirely Chinese and based inside China is probably the stumbling block for its growth.

What is wrong with Neo?

One big issue that I believe will be a huge problem is the fact that Neo is not divisible.  You cannot buy a fraction of a Neo.  This will be a huge problem even at it’s current value of $108 USD.  What if you want to buy a bag of chips or a USB stick?  It completely fails as a currency even though it’s otherwise superior to Ethereum.  How about if you want to invest in an ICO and you want to send .5 Neo?  No, not going to happen so Neo has set itself on the path to self-destruction in my opinion.  I’m very disappointed as otherwise it has done everything much better than Ethereum but shoots itself in the foot over the inability to ever be a real currency or used in daily transactions and this will only worse as the value increases.   This in itself almost makes the currency fail and is major stumbling block.  I also take issue with Neo’s GAS which will become another huge issue just like Ethereum, it is confusing and annoying.  See my blog post about how a $5 transaction in ETH cost me over $105 in gas fees!

Don’t get me wrong on this issue, I am long China, but with all the news coming out of China I believe it scares people away from this currency.  This aspects actually draws me towards it, in China there is such high regulation that the kind of scams I see many other developers pull is much harder to do even compared to Japan.

I would be all over Neo if the coin was divisible.

Would I invest in Neo?

Not at these levels, but I also won’t buy more Ethereum for similar reasons.  I do think Neo is a much better implementation of the Ethereum concept minus one huge issue with the currency division not being possible.

The hype on this digital asset/smart contract sounds great but in practice I am strongly against directly mixing currency and other assets in the same technology especially after Ethereum’s parity issue (we’ve seen nothing yet and I believe most of these smart assets will experience huge issues in the future).

Neo could still very well be an Ethereum killer but suffers from GAS and non-divisible currency.

Mercatox Cryptocurrency Exchange Review

I found Mercatox because they were one of the few that had some coins I wanted to buy but have since given up out of both frustration and lack of trust.  Unfortunately in traditional form these smaller exchanges are usually broken or worse, some are often unreliable or outright scams.

The first notice I saw was a warning of “not to deposit to old BTC addresses due to security issues”.  It is good to warn your users but why couldn’t they secure their own wallet?

So why not send some ETH?  Oops it’s not working.

Mercatox-ETH-Deposit-Not-Available

Dogecoin is “Not Available”

LTC is “Under Maintenance”.

Mercatox-Broken

So basically you have an exchange that isn’t working from the start and can’t accept deposits.

That’s when I clicked the “Logout” button as fast as I could, never to return to Mercatox.  I’d rather not deal with the myriad of other issues that are the symptom of problems at the front end.  This is also because in the cryptoworld 9/10 companies will never help you no matter what (eg. missing coins, deposits, withdrawals) good luck unless you sue them (if you can find them since most are anonymous without real contact information or ownership).