1) You really shouldn't be running java applets unless you are certain you want to. I have had Java disabled for about a year and have only seen a page that required it once.
2) The domain name should've been a dead giveaway
3) Why would MtGox refund it? You got your money stolen by someone else. It's not MtGox's fault at all.
One would expect a certain level of security measures for a site that directly influences your financial situation. Most CRUD applications require you to put in your old password when changing your new one. Apparently you can actually trade coins away from your account without typing your password on MtGox. That's just ridiculously unsecured.
I don't think that'd solve the problem though. His password was stolen. So the hacker had the password and entering it twice would be the same barrier as entering it once.
> I would be surprised if MtGox decides to refund you
I agree that MtGox shouldn't be doing any kind of refunding in this case.
> what happened is your own fault entirely
You're blaming the victim.
If I'm walking down a dark alley and someone pulls a gun on me and takes my wallet, is it my fault because I decided to walk down a dark alley? Not at all.
The only person at fault here is the cracker who perpetrated the scam.
The only thing you can say about the victim in this case is that they aren't very sensible. Just like walking down dark alleys might not be sensible. But it's not the OP's fault that someone stole something from him.
+-------------------------------------------------------+
| SECURITY WARNING! |
| You are attempting to walk down a dark alley, |
| which could be dangerous. Only walk down |
| dark alleys you are familiar with and trust. |
| By walking down this alley you assume responsibility |
| for the attendant risks. |
| |
| Do you still wish to walk down the dark alley? |
| [x] Yes [ ] Cancel |
+-------------------------------------------------------+
Perhaps a better phrasing that "your own fault" is "it was 100% in his power to prevent this from happening. He is responsible for the fact that it happened."
Fault and blame is not zero-sum, a point many people seem to miss. Realizing that the victim has some (and he certainly does here, and in many other cases) does not in any way reduce what attaches to the perpetrator.
I think it's more like leaving your wallet and laptop on the table at a cafe while you go to the bathroom, then getting upset that they're gone when you get back. In that case, yeah, it's absolutely your fault.
Put it another way, if you lent your laptop to a friend, and they left it on the table like that and it was stolen, would you really find your friend blameless? Would you lend them a laptop again?
> Put it another way, if you lent your laptop to a friend, and they left it on the table like that and it was stolen, would you really find your friend blameless? Would you lend them a laptop again?
I wouldn't lend it to them again because they are careless and didn't take sensible precautions. I wouldn't find them at fault for the theft.
Maybe we disagree on what "fault" means; I think (and I'm pretty sure this is common usage) that if a person takes an action and a predictable bad outcome ensues, that person's at fault. It doesn't make him or her a bad person.
One last example: if you leave the laptop on an open windowsill and it falls out and breaks, is it now gravity's fault? If I throw it up in the air and fail to catch it, am I at fault, or is gravity? If I throw it and want the laptop to break so I don't catch it? Does it really depend on whether I want the laptop to break or not? What if I'm unsure of my motivations?
edit: I hope it's obvious, but multiple people can be "at fault" and the person who stole the bitcoins is more "at fault" than the victim here.
I want to discuss this in more detail as I see this argument come up now and then.
I think we first have to discuss the word blame. What do you actually mean by "blame"?
Merriam-Webster:
>1 to find fault with : censure <the right to praise or blame a literary work>
>2 a : to hold responsible <they blame me for everything>
> b : to place responsibility for <blames it on me>
Do you agree with this?
For the sake of the argument I will assume yes. According to this definition did dreen blame the victim? Yes. dreen claims that the victim acted wrong: Victim should not have ran the applet. Using my powers of intuition [i.e. shout if I am wrong] I assert that dreen considers the victim responsible for securing his bitcoins. A responsibility the victim failed. Hence blame.
Now using further powers of intuition, I believe that you, burntsushi, think that blaming the victim is inherently wrong. Interpreted strictly that means that the behaviour of a victim is always flawless, and and a victim always lacks responsibility for bad outcomes. This is in my mind a quite ridiculous view, so I don't think this is what you mean. So what DO you mean? I will consider two possible guesses and discuss them.
>The thief acted wrong. Stealing the coins was immoral.
-I think we can all agree with this statement. Hence no need to state "you are blaming the victim" so insistently.
>But then you shouldn't say "your own fault entirely"
-Maybe you are right. Could be argued that everyone gets this anyway. Unsure.
>We should pity, not scorn the victim
I probably, maybe agree with this. Clearly the victim is in crappy situation and has my sympathies. On the other hand, scorn discourages others from following his example, which could be useful.
> Stealing the coins was immoral. -I think we can all agree with this statement.
Yes. This is my main point. It's easy to agree with in hindsight. I was insistent because it seemed like the parent completely forgot that there were more than two parties involved in this affair: the OP, MtGox and the phisher.
There is a certain attitude among folks that some people who don't properly secure themselves somehow "deserve" what they get. I vehemently disagree with this sentiment, and it is in essence what I was trying to combat.
> We should pity, not scorn the victim I probably, maybe agree with this.
I am all for calling out the victim's poor security practices as stupid, senseless, etc. But it's another thing entirely to blame the victim for someone stealing from them.
Blaming the victim wasn't my central point, asking for compensation was. Obviously the real, criminal sort of responsibility is on the criminals who perpetrated this, and I very much pity him, just as much as I pity anyone who got mugged.
But I still think the victim here shares in the responsibility, because he wasn't careful enough. We're not living in a careless world and we never will.
> Your central point is without merit. The "victim" is a victim, not of MtGox, but their own poor decisions.
Their decisions may have made themselves vulnerable to the attack, but (based on the information provided) they are a victim of a third-party that is neither the MtGox nor themselves -- that is, the people that actually used the malware to steal the BTC.
I'm sorry for your loss but what happened is your own fault entirely and I would be surprised if MtGox decides to refund you.