Category Archives: Uncategorized

SuchList.com new design

Dogecoin has come a long way during the past year. From a joke to a loyal following coming together to do great good. Where will it all end? I belive large part of that is up to you an me.

After spending almost the entire year adding security and safety features to SuchList.com I really wanted to get some time to focus on other things I had wanted to bring to the community. Auction support and now the latest thing added was a secure, multi signature based escrow service. But one thing has always been on my “like to do” list and that was a redesign of the site.

Today I can finally release this update to the wonderful community.

SuchLIst.com new design

SuchLIst.com new design

There will probably be minor glitches and things that don’t work quite right in the new design and please don’t hesitate to contact me if you run into any troubles. Or if you just happen to have any feedback.

I thank you all for your contributions to the Dogecoin community and hope that we have another fun and exciting year ahead of us!

Validate your Steam account on SuchList.com

The existing system for validating user information was written to be easy to extend. Several validators have been added to it already but there was another one I wanted to add.

Several users sell Steam games and game items so it felt natural to give users the possibility to validate their Steam accounts on SuchList.com.

It is done as with most validators.

Step 1

Access your user profile menu

Access your user profile menu

Step 2

Select the option to validate user information

Select the option to validate user information

Step 3

Select the Steam validator

Select the Steam validator

Step 4

Follow the simple steps, fill in your steam community name and click validate

Follow the simple steps, fill in your steam community name and click validate. Note: This image instructs the user to enter the string in their summary. This is now changed to adding it as a comment and the live site has been updated to reflect this.

Done

Congratulations, you have now validated you steam account

Congratulations, you have now validated you steam account

You validated information is clearly visible on your profile and users will be able to easily access your public steam profile to learn more about you and to make sure you are who you claim to be.

SuchList.com on site chat

To help shibes find shibes and for users to quickly connect the site now offers a chat system.

There are chat rooms (only one at the moment called the “Doge pen” for random chatter) and users can create own private rooms (and protect them by password) if they want to discuss something in private.

Chat room overview

Chat room overview

Users online can also be contacted through their listings to quickly ask questions etc.

freichat_item
You must be logged in to access the chat system.

Hopefully this will be beneficial to all users. I will evaluate it after some time.

SuchList.com escrow service released!

As previously mentioned I have been looking into a way to offer a working substitute for the now long gone mitm.io that I used to recommend. Now I’m happy to announce that the Dogecoin based marketplace for commerce between users, SuchList.com, has a working escrow service on the site.

As previosly mentioned it does not store any coins on the site so there’s no central wallet that could be the target of an attack. Instead all coins are held secure on the block chain and is protected by secret keys chosen by the buyer and seller. These two keys that must be known to be able to withdraw any coins are not saved on the site making it a very secure solution.

It’s currently in open BETA and I must urge everyone to use the system at their own risk. I have done dozens of transactions suing the test network and several with real coins and not had any issues at all. All coins have been withdrawn without issues. But if any issue were to arise I just want to make sure I have warned people.

I have not spend to much time on graphics, so I’ll give that some love asap. But I wanted to get the functionality out to you all as soon as possible to make sure you have some kind of secure way of sending coins when doing commerce.

Anyway, let’s take a look at how it works.

Using the escrow service

As a seller you are contacted regarding one of your listings. You and the buyer agree on terms (such as price etc) and you go to Register a Deal. Most of this looks familiar.

Seller Registering a Deal

But after all the normal things like price, quantity and who the deal is being made with, a few new options present itself. Here the seller now has the option to specify the type of transaction that is connected to the deal. Right now the user has two choices. External which means that the seller and the buyer handle this on their own. They are perhaps meeting in person or sending coins in some other way. The second option is the interesting one for this article, the Multi Signature Escrow. This option allow the seller to “attach” a transaction request to the deal.

escrow_walktrhough2

Selecting the Multi Signature Escrow option a few more options and some information presents itself. Here the seller is asked how he wished to protect his “part” of the transaction. The first option is to use your SuchList.com password. What in fact happens here is that a 512 char secret key is generated for you and this is encrypted and needs you SuchList.com password to be decrypted. Since the password itself is only stored in an encrypted form on the site and all communication is encrypted using SSL this is very secure.

The second option is to use a specific secret pass phrase for this single transaction. This pass phrase is not stored on the site and it’s up to the user to remember this. If a user opts-in to use this approach I probably recommend having the key stored somewhere, especially if you are doing many deals at once and have to remember a lot of keys.

escrow_walktrhough3

Once the deal is registered a mail is dent to the buyer as usual and he is presented with the fact that there are unconfirmed deals by a notification on the site.

escrow_walktrhough4

Clicking this link the user will see a list of deals that are not yet confirmed. But now, the list also includes information about what type of transaction the deal was created with.

escrow_walktrhough5

The user is free to Cancel a deal here like normal or Confirm it.  Once the deal is confirmed and it is a deal with a transaction type of Multi Signature Escrow a second screen will be displayed for the user.

escrow_walktrhough6

Here the user see an overview of the attached transaction request. The user is also asked to secure his “part” of the transaction in the same way as the seller did when creating it. The deal is not confirmed until this part is done. So the user can spot things here that are not part of what the seller and buyer agreed upon and go back an Cancel the deal if they want to. Once the transaction request is also confirmed the transaction will be added to the sellers Active Transactions list.

escrow_walktrhough7

Here the seller will see a quick overview of all active transactions. Clicking Details on any transaction brings up a more detailed view of the specific transaction.

escrow_walktrhough8

The same is true for the buyer who will also see the transaction among the list of Active Transactions.

escrow_walktrhough9

If the buyer clicks the Details button for the transaction he will see the current state. Right now the transaction is awaiting coins to be deposited to cover the transaction. The seller can see how much coins have been deposited and how much remain to cover the transaction.

escrow_walktrhough10

When the buyer clicks the Details view information about how much to deposit and into what address to deposit to is presented. Any coins already deposited and confirmed are visible here (if the buyer makes several smaller deposits to cover the transaction for instance).

escrow_walktrhough11

The buyer now transfers coins into the given address using any means he feel comfortable with. In this example we use the Dogecoin Core Wallet software.

escrow_walktrhough12

When the coins have been transferred a green check mark appear to let the users know that enough coins have been deposited.

escrow_walktrhough15

When the buyer clicks Details now information about the fact that enough coins have been deposited and that the seller can now request a release is presented. At this stage the seller can be confident that coins to cover the transaction exists and can not be retaken by the buyer. So, it’s safe to transfer any purchased item and then request a release of the coins.

escrow_walktrhough17

In the sellers Details window for the transaction the option to request a release of the coins present a few fields of information for the seller to enter. The address to which the coins should be withdrawn should be entered (and reentered to minimize the risk of the seller entering the wrong address) and the users password (or unique pass phrase if that was used) to sign the withdraw request. The reason the address to withdraw to has to be entered here is to make sure there is no single site wide address used for the user that could in some way be manipulated. Here the seller instead has the power to decide the destination at the point of requesting the withdraw.

escrow_walktrhough19

After the release request has been sent the seller will see information about the release awaiting the buyer to confirm it.

escrow_walktrhough20

After the seller has sent a request to release the coins, the buyer will have the option to release the coins. The key used to protect the transaction must be entered and after that the coins are withdrawn and sent to the address supplied by the seller.

escrow_walktrhough21

The transaction will now move into the users Historic Transactions list and buyer will see information about the fact that the coins are released.

escrow_walktrhough23

The seller will see that the coins have been released and the TxId of the transaction.

escrow_walktrhough24

Clicking this link will take the seller to detailed information about the transaction.

escrow_walktrhough25

What remains

To get this functionality into your hands as quickly as possible a few things had to wait. For instance, the UI could use some love. I will probably do this along with the site wide graphical update. Also, Auctions (that don’t register deals in the same way) don’t use this system yet. Those of you who use auctions a lot could tell me how they would like it to work for auctions. One option is to allow auctions to close like normal and then have a button to Create Transaction Request for that deal after the auction is closed. Another option would be to allow the seller to select if the escrow system is to be used when creating the ad. Then the transaction request could be automatically created when the auction closes.

External escrow service

I intend to provide the option to use the escrow system even when not connecting transactions to deals on the site. But that will come at a later date once all possible kinks have been worked out.

Secure transfer of coins

As many of you know I have always tried to work with safety and security in mind when developing www.SuchList.com for you all. One of the things that got me started with SuchList was being scammed myself and seeing other being scammed online.

You see, one of the inherit problems with online based commerce is that anybody can claim to be anybody and it’s really hard for someone else to make educated decisions on whether to trust the supplied information or not.

For this reason I decided, early on, to build features to let users verify information about themselves. This includes things like Reddit accounts, Twitter accounts etc. It does in no way give you a complete picture, but instead serves to help you make your own educated decision. Someone with a, several year old, public Twitter profile that makes legit posts might be easier to trust.

But this relies on two things. Users willing to verify their information and other users actually making use of the available information in their decision making. Unfortunately it still happens that people spend large amounts of coins on some item offered by some user who has verified no additional information or only a brand new Reddit account without any history. Of course a user like this could be 100% legit, but it can be really hard to know or feel comfortable putting trust in a user like that.

How to add extra security?

The most crucial part of any online transaction is the transfer of funds from one party to the next. Here the ideal situation is to use some kind of extra layer in order to guarantee that the funds are not just blindly sent from one user to the next but instead have a platform that adds security and removes incentive for any party to try to be deceitful.

This is normally the domain of an escrow service. An escrow service works in the way that the seller requests a payment of x coins from the buyer. The buyer then transfers the coins. But instead of transferring them to the seller directly they are transferred to a third party that will hold on to the coins. The amount of coins received are displayed to the seller so the seller knows once the payment is done in full. The seller is then free to ship his goods to the buyer.

The nice part here is that both parties can verify that the payment is covered, but neither the seller nor the buyer can single handily withdraw the coins. Instead the buyer will release the coins once the goods have arrived.

This removes the incentive for a seller to try and scam a buyer, since the seller only get the coins once the buyer has actually received the goods. A seller not set on actually shipping any goods would thus never receive any coins.

It also removes the incentive for buyers trying to scam sellers into shipping goods and getting paid once it arrives, without actually planning to pay for the goods at all. Since the coins would be held in escrow and not easily reclaimed by the buyer.

Up until recently I recommended the escrow service mitm.io for this service. It was very easy to use and the times I tried it, worked flawlessly. The problem as of late has been the small annoying fact mitm.io has not been online for quite some time. The site was owned and operated by Moolah. and given all the drama around that it’s quite clear that it wont be comming back (and if it did I could not with a good conscience recommend it).

Solutions to mitm.io’s absence

During the time mitm.io was down but all the problems with Moolah still hadn’t been brought to light I opted in to act as a manual escrow for users of SuchList who needed the extra layer of security. This worked fine, but introduced a lot of extra work for me. More importantly it broke one of the main ideas of the site, that no user should have to rely on me for their payments to go through etc.

Ever since the start of SuchList I have had users asking me to include my own escrow service on the site. Several other sites do this in one for or another and I have not been blind to the use case for such a thing. But one thing I have always been against is the site storing coins in any way. A site, full of user accounts, full of coins, is a prime target for hackers. Even though a lot of safe guards are already in place I feel it would be dumb to add the extra risk.

You see, users loosing coins to hackers is one the worst things for the currency. A lot of, often unintentionally, insecure services have been breached and caused bad headlines. I did not want to add to that problem.

For this reason I declined the idea of implementing my own escrow service and stated my opinion and reason for this every time I got the question.

But the downfall of Moolah and the absence of mitm.io really annoyed me since I felt users were now left without a quick and (at the time) reliable escrow service. Asking people to go back to sending coins directly to each other without any security was not something that was good enough for me. But what could I do?

Introducing the fully integrated SuchList escrow service, with zero coins held by SuchList

I have always tried to think of a way to somehow creating  a very secure way of transferring the coins. After talking to various people I now think that I have found the solution that I have been looking for. It brings the best of both worlds. A fully integrated escrow service that works within SuchList itself. But at the same time SuchList will hold absolutely zero coins on the site. No, I don’t mean that I will export them to some cold storage and keep it secure like that. This would make users 100% dependent on me and when I had time and energy to transfer requested funds.

Instead, every escrow transaction will be kept secure by the one thing we trust the most (even if we don’t know it), the block chain.

Instead of trying to stash the coins held in escrow away somewhere  and hoping no one gets to them we hide them in plain sight. The way this works is through multi-signature transactions. That is, instead of you signing you transactions like you normally do on the Dogecoin network a transaction that requires more than one users signature is created.

How does it work on SuchList?

First, let me note that this feature is not released yet. But I still wanted you all to know what will soon be here in the light of the recent Moolah drama. Functionality is in testing but not much energy has been put into UI at the moment.

When you register a deal on SuchList everything looks like normal, except you have one additional new choice to make.

escrow1

Registering a Deal

Besides all the normal information you can now select to create a Multi signature escrow payment connected to your deal. Note that this is not forced and you have the option to select External Transaction. This means that the transaction is handled outside of SuchList.

Why did I do this? Since I have always said that if I ever include any way to handle payments on the site I will make it optional to use. Perhaps you know the person you are doing the deal with or you are meeting in person. You should not be forced into using a specific payment method then.

If you select to use the escrow system you will have to enter some more information.

escrow2

New escrow option

I have tried to keep everything 100% free, but users have told me that I must make sure the site survives and is financed. So in order to help with that a small fee was introduced. Do note though that you are not forced into using the escrow service.

The seller and buyer can agree on how to cover this fee. They can split it, the seller can pay it or the buyer can pay it. How much the buyer will have to deposit and the seller will get when he withdraws the payment is clearly visible for every given option.

Next you select how to secure you transaction. You can select one of two ways.

  • Protect it using your SuchList password (actually a lot of random characters encrypted by your password)
  • Protect it using a passphrase you set that is unique to this specific transaction

Exactly how this is used will not be discussed here, but it’s basically used to generate the keys used to sign your transactions. A user confirming a deal will choose how to secure his/her part of the transaction in the same way. In order for the seller to request a release or the buyer to release the coins they must know their respective secrets.

One thing I have always wanted to guard against as much as possible in the event of the site having any kind of service like this is how to avoid a complete breach from loosing a lot of user coins. Sure, it’s a bit paranoid and probably not the most common scenario to try and stay secure against. But with this solution we get quite close.

Since you password is encrypted on the site and a unique pass phrase you might choose is not saved at all on the site it would be very hard for anyone to gain access to this required information and release a payment in your place.

Since coins are not actually stored on the site a breach would not give a hacker access to all the users coins. Further more, coins released from escrow are sent to a wallet of the sellers choice. Not kept in some temporary wallet controlled by the site. This further reduces the likelihood of any hacker gaining access to any coins.

Also, one last thing here is that since these transactions requires multiple signatures a hacker who obtained your password or somehow got access to the site and managed to brute force your unique pass phrase would still not be able to withdraw any coins. Since it would require at least a secondary signature as well.

Release

I hope to have this ready for release very soon so you can all go back to making secure online commerce with escrow service if needed.

If all goes well the plan is to also add support for escrow transactions for people who are not active users of SuchList. But that will follow at a later date.

 Some development screens

Here are some additional screen shots. They are a work in progress and things have already changed a bit, but just to give you a quick glimpse.

Deals to confirm now show if they use the escrow system or not

Deals to confirm now show if they use the escrow system or not

Confirming a deal using the escrow system shows some additional information to the buyer

Confirming a deal using the escrow system shows some additional information to the buyer

escrow3

A quick overview of all your active escrow payments

escrow4

Payment details for a non fully funded payment

escrow5

Payment details for a fully funded payment.

How to stay safe when buying something on SuchList.com?

The problem

In the pursuit to make Dogecoin based commerce a reality we will all face a few problems. One of the largest ones will be the same thing that it is for commerce using “regular” currencies to. Scammers.

Scammers are people who basically want to rip you off. They present you with some good deal and try to figure out a way to get your cash and make a run for it.

The solution

This is nothing that digital currencies are immune to. So when I built SuchList.com I wanted to help people know who to trust. It must always be a user decision to trust someone or not. Having a system that somehow decides if a user is trustworthy or not would be susceptible to manipulation and could cause false positives that could get a lot of users duped.

Instead I opted for the approach of supplying mechanisms for users to prove more about their online persona and thus help potential buyers know more about them. This information, along with feedback left by previous buyers etc would help users make educated decision of who they should put their trust into. So how do you use this information on the site?

How

If you browse the site you will see a bunch of items offered by other users. In the listings you will see the type of offer it is, where the item is located etc. You will also see small icons representing what kind of information the user has verified about himself.

safe1

Here we see that the user has verifed a reddit account. If we click on the item to look at it in more detail we can get even more information that’s connected to your safety.

safe2

Here we are presented with the publishers name and a number within parentheses. This number indicates the users feedback score. The feedback score is based on feedback gained both as a seller and a buyer. A high feedback score makes me a bit more confident in the user. But you should still examine the user more. You can also see if a user has any validated information here.

Clicking on the users name you will be taken to his profile where you will be able to see this information in more detail. But, in order to protect users data no information about what user account on reddit that verified etc is public. Instead you have to have you own account and log in to be able to view this information, along with the user feedback details. This also keeps Google from indexing this type of information.

So, if you haven’t already, sign in and go to the users profile page. In order not to make this users information public here I will now switch to using my own profile in these examples.

safe3

Here we can see some personal information about me. Where I’m located, an overview of my feedback and my verified information. I have verified quite a bit of information. But just because of that you should not automatically trust a user. Instead you should examine it further in your quest for confidence.

One thing to check here if is the user has verified a phone number through sms. If the phone number were to have a country code of Sweden and the user claims to be in USA I would become a bit suspicious. This in itself does not have to mean the user is a scammer. He could be in the states for work or any other reason. But it would catch my attention.

Also, if the user claims to represent some website or online store and have not had that website verified I would also take this into consideration. Perhaps ask the user to verify the site he claims to represent in order to add trust.

After this I would start going through the verified accounts. Check their history. In this case I have an eBay account verified. Great right? I must be a terrific seller! Well, let’s click on it and take a look at it.

safe4

As you can see, I have an totally empty account. So only looking at the fact that an account is verified is not enough. In fact, I created this eBay account just to be able to implement the validation code for the eBay accounts. So I have never actually used it. In sweden we use a subsidiary of eBay called Tradera where I do have an account with a bit more activity on it though… hehe

If the user has a lot of activity on eBay, check their feedback on eBay. Don’t forget to check how old the account is and how old the feedback is.

Then do the same for the other verified accounts. Check the users reddit account and it’s history.

safe5

Try to find relevant questions to ask yourself about the user.

  • How old is it?
  • What reddits do the user post in?
  • How often does he post?
  • Is he the moderator of any sub reddits?
  • Has he had complaints before?
  • Is he mentioned in /r/dogecoinscamwatch

Continue to check the other accounts and their history. Twitter and LinkedIn. Someone with a verified LinkedIn account that isn’t an obvious fake is probably not keen to destroy his professional life by scamming people for instance.

After this you can look at the users feedback details.

safe6

Here you will see a lot more details about the user and the feedback he has received. Both as a seller and as a buyer. You will see the users “score” in different sub categories information about what was bought or sold, when and with what other user the deal was made.

You can then start examining each individual feedback even more.

safe7

Looking at a specific feedback entry you will be able to see detailed information about it. Use this to try to spot any attempts at manipulations. Does a user have a lot of deals but only with one other user? Perhaps he registered two accounts and tried to build himself fake rep. Check the date and time of when the feedback of different deals was given and received. Also, if the system notices that the two users that were part of a deal ever shared an IP address this will be notified in the Status field. This does not have to mean that this is fake feedback, it could be two friends making a deal on the same computer etc. But it would be another thing that would make me think twice.

Make your decision

All this information, when combined, should help you make an educated decision about trusting this user or not. If the user would have had no feedback, one verified piece of information that was a reddit account that was brand new, sold expensive but desirable goods and perhaps even insisted on payment up front I would be very skeptical.

But if everything checks out or the user in some other fashion gains my trust I would go ahead with the deal.

Adding a bit of extra comfort

If you decide to trust the user but he still don’t have a ton of feedback and you want to add some extra security I highly recommend that you use an escrow service.

The one I have been recommending that has been super easy to use has been mitm.io. Unfortunately it seems to be down at the moment and despite several requests I have been unable to get a clear answer from the people over at Moolah about when/if it will be back online.

Since I want you all to be able to stay safe, I want you all to know that you are welcome to contact me to function as a manual escrow until mitm.io is back or until we have a good substitute. This will ad a bit of a delay since I will have to manually handle this and if a lot of requests come in I will have to put a small fee on it so I don’t drown by the work load. But for now there’s no such fee. I can be contacted through the contact form on SuchList.com or you can contact me on reddit /u/inquam.

Also, do note that the same level of caution and scrutiny of users should be done if you are a seller and is contacted by a potential buyer. Look at his account, verified information and the history of those accounts in the same way.

 

staysafe

How I bought a $26 game on steam for less than $0.50

98% discount? Sure!

So many of us have grown accustomed to using Steam. It’s a convenient way to buy your games and be able to access them from different places.

Adding to that are the many sales that happen throughout the year that allow us to get games for great prices. A $20 game can often be had for something like $8, which is an impressive over 50% discount. But what would you say about a discount that was in the 98% discount range?! Sound like a utopian dream? Well, it’s actually possible and here’s how I did it.

$ is merely a tool

First, you need to shake the notion that we actually have to buy the game with your $. Instead we use our $ as an instrument to obtain another currency known as Dogecoins. This might sound like a joke (and it actually started as one) but Dogecoin is in fact a “real” digital currency with which you are able to send and receive payments all over the world without hefty fees going to banks and payment providers.

Dogecoins are held in a virtual wallet which is basically a file on your computer. In order to learn more about Dogecoin, and how to keep your coins safe, go to http://dogecoin.com. If you are in to Reddit you could visit the sub /r/dogecoin and get answers to all your questions.

Turning $ into Dogecoin

To obtain Dogecoins you can do things like mining etc. but for this I want to show you how you quickly can get your hands on Dogecoins in order to snatch up good deals. So we are using $ to buy Dogecoins. To do this you can go to www.weselldoges.com.

weselldoges

What weselldoges.com does, and does very fast and efficiently, is to allow you to send $ using PayPal and send you Dogecoins. You do pay a small premium, but when you look at the deals you can make when using Dogecoins it quickly becomes apparent that you are still able to save a ton of cash.

If you would buy $10 worth of Dogecoins right now at the current rate you would get 62657 Dogecoins.

Finding something to buy

Now that we have our Dogecoins we head on over to www.SuchList.com. SuchList enables users to post ads of things and services they wish to sell or buy. It supports both auction style ads and classical classified style ads where the price is fixed before hand.

suchlistmain

What caught my eye this particular day was an ad for the highly acclaimed game Galactic Civilizations II: Ultimate edition. The “For Sale” logo tells me it’s a classified ad and around it we can see more posted classified ads and auctions.

suchlistgalacticov

A closer look at the ad in question reveals some information as well as the price in Docegoins.

suchlistgalacticclose

A quick look in the Steam store showed me the game had great ratings from both Meta critic and players. So after I decided this actually was a game I probably would enjoy I looked at the pricing on Steam.

steam

It was priced at right under €20 which turns out to be around $25. Going back to the game offered on SuchList we read the description to see if there are any special conditions and the availability to make sure it’s actually sold to me in my country.

suchlistgalacticdetail

After making sure the offer was available to me and reading up on the description my interest remained. But around 2600 Dogecoins! That sounds like a lot, right? Much more than the nice figure of 25 which was the price in $. So what is the actual price converted back to $?

You could calculate this in your head, use some existing service or just look at the approx $ value calculated by SuchList. This is updated every 5 min. We see there that the game on SuchList is for sale for about $0.35! Counting in the premium we paid weselldoges.com in order to quickly be able to convert $ to Dogecoins instead of going through some exchange etc we still get a huge discount!

Not unique!

It might sound like I got really lucky with this deal. But a quick look on the games offered on SuchList.com shows that many of them are offered for prices of at least 50% discount or more compared to Steam retail price. Granted that not all are, but there’s a big enough porting to allow you to make some good deals if you are willing to just first convert your $ into Dogecoins.

So, although I perhaps struck it a bit lucky, 50%-98% discounts on Steam games is indeed possible if you join the Dogecoin community!