On 10 Dec 2003 at 15:19, Nostradumbass@SAFe-mail.net wrote:
E-gold and other DGCs do not do much if any due diligence in checking account holder identification
Unfortunately, they also don't do much if any due diligence in identifying themselves in messages to real or potential customers, so it's extremely difficult to determine if I've gotten any administrative messages that really _were_ from them as opposed to the N fraudsters sending out mail asking you to log in to e-g0ld.com or whatever fake page lets them steal your egold account number and password so they can drain your balance. A policy of PGP-signing all their messages using a key that's published on their web pages would be a good start, though it's still possible to trick some fraction of people into accepting the wrong keys. For now, my basic assumption is that any communications I receive that purport to be from them are a fraud, and it's frustrating that there's no good mechanism for reporting that to e-gold.
At 07:08 PM 12/10/2003 -0500, Nostradumbass@SAFe-mail.net wrote:
-------- Original Message --------
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 10 Dec 2003 14:13:59 -0800
On 10 Dec 2003 at 15:19, Nostradumbass@SAFe-mail.net wrote: ...
ALTA/DMT does have a certain degree of un-linkability in that once accounts are deleted all db references in the system to that account are also deleted from all ALTA/DMT dbs.
Trust us. Would we lie to you?
This info was obtained from discussions with the developers, experiments with the system and examination of the code.
You can't tell if the code you're examining is the real code, or whether it will continue to be the real code in the future. You can't tell if the system is making backups of its databases. You can't tell if the experiments you're making with their system are really detecting that there's no information stored, or merely that it's not telling _you_ where they stored it. You can't tell if they're stashing session keys somewhere for the Echelon folks to correlate with their wiretap data. You can't distinguish whether any system is sufficiently advanced or merely a rigged demo, nor can you tell which one this system is. You can't tell from discussions with the developers whether they're lying to you, at least unless they're bad at it. You can't tell from experiments with the system that did in fact pay you the money that they should have whether they'll always do so in the future. You can't tell from extremely detailed experiments where they give you the root passwords to all their machines and let you watch the bits go in and out whether all future transactions will be handled the same way or whether they're just stringing you along until there's enough real money in the system or enough money from real suspects that the owners or various monkeys on their back want to rip off or rat out. You're back to trusting them. I don't know them, so I don't know if they're trustable, but there are people in this business who are, as well as others who aren't. You can tell whether you've given them any real information, and if the system doesn't collect it, it can't rat you out. But otherwise, it's basically trust.