Topic: Direct exchange guidelines (Read 21625 times)

DoM P · « **on:** June 24, 2014, 10:44:15 pm »

These days the moderators noticed an increasing number of offers to buy or sell Nxt without going through Exchanges. In the recent past, some people have been tricked into sending NXT or BTC to the wrong people and lost the money in the process. This is why we feel necessary to stress out some very important points:

Exchanges: for a moderate fee and often little delay, offer a reliable escrow service that should be the preferred choice for relatively small amounts of NXT. So, for anything less that 5% - 10% of the daily volume of transactions, that should be your first choice. Bter, Poloniex, and naturally DGEX, are trustworthy exchanges, and you could even use them all to limit the risk of having too big of an impact on the market price.
Direct trading: the only good reason we see to do direct trading instead of using exchanges is to avoid affecting Nxt's price. So again, only large amounts should qualify for this method of exchange.
Escrow service: unless you know the person with whom you want to trade very well, using an escrow service is the best method. Anon136 (NXT-UWKJ-GFEV-AGY4-5C4YS), VanBreuk (NXT-RQYG-UPJP-HMMH-7WHFZ), and myself (NXT-LP8G-9NHV-VUQB-58ZZF) have volunteered to do it for a 0.9% fee. Some people want to use escrow to do an anonymous trade. The whole point of using an escrow being to trust a third party, this kind of request is perfectly acceptable.
Know who to trust when doing this: Whether you exchange directly or go through an escrow, make sure the people you are dealing with are really the ones you think they are: there is always the risk of account hacking.

There are several methods to check the identity of an account:

If a message has been signed in the past, ask for a new signed message and check the key is the same
Ask for a token from an account that is known to be owned by the person you trust (NOT the Nxt address in the message signature, for this can be changed if the account is hacked)
To verify a token from another member:
- Make sure your local client is running
- Verify result on http://localhost:7876/admin.html
- Your client will tell you if it checks out OK. Look for ' "valid":true ' in the response, and the response will also include an account number you can use to check in the blockexplorer.
- If someone gives you a link to check, DONT just click it and look for TRUE and call it good as they could have copied and given you someone else's token. Verify that the link they give you includes their exact username@site in the '&website=' part.
Ask for a private Skype session if you already know the face of who you trust. In doubt, DO NOT TRADE.

In any case, take your time. People here live all around the world and may not be available to answer your questions at the moment you ask them.

Once parties have an agreement, we suggest to take care of the exchange as swiftly as possible and to not let each other waiting with no communication. These exchanges can be stressful for all parties, please keep calm and polite at all times.

msin · « **Reply #1 on:** June 24, 2014, 11:10:29 pm »

Thanks for posting.

Darkhorse · « **Reply #2 on:** June 25, 2014, 09:14:01 am »

Dom - can you also add in the post, if anyone wants to buy or sell to post their token together with the post. May make life a little easier.

TheCoinWizard · « **Reply #3 on:** June 25, 2014, 10:02:35 am »

Nice guidelines,

I would like to see the following (maybe in some better wording) added to it:

look for valid is true ... and check out if the token isn't just a copy paste from an old publiced token,
by checking the age of the timestamp value which gives you the amount of seconds between the genesis block and the token generation ...

this can be done by dividing the timestamp (which gives you the amount of seconds between the genesis block and the token generation) value by ( 60 seconds * 60 minutes * 24 hours) and then deduct the resulting amount of days on a date calculator from the current date.
If the result is -+ 1 day from 24 november 2013 it means it is a recent token...

It would also be nice (or even standard) if the escrows would immedietly post a token, with the tread title and date plus time as website (or message),
on trading threads where they act as escrow,
so we can immedietly exclude the possibilty that their forum or email account was compromised.

Even nicer would be if the nrs client (or some other client, wesleys for example) would automaticly return the age of the token like this for example:

{
"timestamp": 18265159,
"valid": true,
"age": 2 days, 4 hours, 25 minutes and 30 seconds
"accountRS": "NXT-UWKJ-GFEV-AGY4-5C4YS",
"account": "4357314498768237104"
}

It is just to easy to copy paste a valid old token...

anon136 · « **Reply #4 on:** June 25, 2014, 03:31:50 pm »

Please when doing a big escrow always ask for a token. Don't ever assume that who ever you are corresponding with on this forum is who you think it is. If anyone ever tries to make an excuse for not providing a token ASSUME THEY ARE NOT ME.

VanBreuk · « **Reply #5 on:** June 25, 2014, 03:44:04 pm »

Quote from: TheCoinWizard on June 25, 2014, 10:02:35 am

Even nicer would be if the nrs client (or some other client, wesleys for example) would automaticly return the age of the token like this for example:

{
"timestamp": 18265159,
"valid": true,
"age": 2 days, 4 hours, 25 minutes and 30 seconds
"accountRS": "NXT-UWKJ-GFEV-AGY4-5C4YS",
"account": "4357314498768237104"
}

It is just to easy to copy paste a valid old token...

Not really necessary. Token generation requires a website field, the solution can be easy and independent of timestamp verification.

Member gives a customized "website" to generate the token to the escrow, including name and date. Say for instance, http://escrow.for.member.XXX.25062014

Escrow returns token, member verifies it in http://localhost:7876/admin.html

TheCoinWizard · « **Reply #6 on:** June 25, 2014, 07:16:24 pm »

nothing in life, except oxygen, water, food and some protection from the weather is really necessary.
Certainly not cryptocurrency.
But since we are trying to create something usefull here, being the 2nd generation cryptocurrency,
and I want my 20th post

, I will try one more time to get through the admins of this forum...

maybe you should read this post if you haven´t already:
https://nxtforum.org/trading-exchanges/want-to-sell-up-to-2m-nxt/?all

I wonder how everyone, including admins, would have reacted if I would have said in post #73:
https://nxtforum.org/trading-exchanges/want-to-sell-up-to-2m-nxt/msg52527/#msg52527

Quote

your token is valid, but it does not contain the message/website I´ve required... it might as well be copy pasted from another PM or thread.
please send me a new one with message: 'coinwizard is paranoid on June 23, 2014' $:-\$

being an unexperienced java programmer,
I cannot imagine it is a difficult nor cumbersome thing to add age in seconds to the output,
though since I am unexperienced on that level I could indeed be wrong.

I am not saying someone has to progam this, only saying it would make the token system much more directly useable and verifyable.

anon136 · « **Reply #7 on:** June 25, 2014, 10:08:37 pm »

If you wanted to prove age, the way to do it would be to digitally sign a block singnature + what ever information you wanted to sign. then simply tack the block number of the block whos block signature you signed + some syntax describing that you were making a time included signature to the front of the token signature. then on the verification end it could just check that everything was right and do an estimation of how long ago that was based on the targets of the blocks between now and then. no need to add any sort of changes to the core, this could all be layered ontop easily by client devs.

TheCoinWizard · « **Reply #8 on:** June 25, 2014, 10:39:46 pm »

isn´t the timestamp output already proving age?

doesn´t timestamp show the amounts of seconds passed between the genesis block and the generation of the token.
what i would like to see is easily calculateable from this value...

TT: timestamp token (seconds between genesis and token generation)
CT: current timestamp (seconds between genesis and now)
AGE: CT - TT (seconds between token generation and now)

don´t have a clue whether this should be in the core or in client,
all i know that the only way i was able to thrust your token was new,
I had to do this calculation manually, as i described in 1st post here...

anon136 · « **Reply #9 on:** June 25, 2014, 10:53:32 pm »

Quote from: TheCoinWizard on June 25, 2014, 10:39:46 pm

isn´t the timestamp output already proving age?

doesn´t timestamp show the amounts of seconds passed between the genesis block and the generation of the token.
what i would like to see is easily calculateable from this value...

TT: timestamp token (seconds between genesis and token generation)
CT: current timestamp (seconds between genesis and now)
AGE: CT - TT (seconds between token generation and now)

don´t have a clue whether this should be in the core or in client,
all i know that the only way i was able to thrust your token was new,
I had to do this calculation manually, as i described in 1st post here...

i mean if it cant be spoofed than awesome.

TheCoinWizard · « **Reply #10 on:** June 25, 2014, 11:23:01 pm »

Quote from: anon136 on June 25, 2014, 10:53:32 pm

i mean if it cant be spoofed than awesome.

I don't see how it can be spoofed any more then the rest of the output...

{
"timestamp": 18265159,
"valid": true,
"seconds passed since token generation": 172800,
"accountRS": "NXT-UWKJ-GFEV-AGY4-5C4YS",
"account": "4357314498768237104"
}
also don't see a use for timestamp once it has age, aka seconds passed since token generation.
if this is implemented then it will be easy to complete this in the first post:

Quote

Your client will tell you if it checks out OK. Look for ' "valid":true ' in the response, and the response will also include an account number you can use to check in the blockexplorer.

with this:

Quote

Your client will tell you if it checks out OK. Look for ' "valid":true ' in the response, check if the token isn´t to older and the response will also include an account number you can use to check in the blockexplorer.

we could ofcourse also try to educate everyone generating tokens that they should do it the way Van Breuk described, but that doesn't seem realistic and neither goes with: keep it simple and stupid

brinanNXT · « **Reply #11 on:** June 26, 2014, 06:40:19 am »

After familiarising myself with concepts and software practicalities for a couple of days (acquiring a net 22 in the process [mostly donations, wow

]), now want to buy. Say, £200's worth.

In particular, can transfer funds from my poker account. Inter-player transfers allowed provided recipient does not immediately withdraw.

How might the timing of account/NXT transfers work?

Ezravdb · « **Reply #12 on:** June 26, 2014, 06:44:12 am »

Speaking about Poker.. I gotta bump that NXT Poker game!

Thames · « **Reply #13 on:** July 01, 2014, 10:31:16 am »

So, after reading Anon's and VanBreuk's posts re token, who is now more confused and distrustful of using the token system, than they was before?

anon136 · « **Reply #14 on:** July 01, 2014, 02:16:54 pm »

Quote from: Thames on July 01, 2014, 10:31:16 am

So, after reading Anon's and VanBreuk's posts re token, who is now more confused and distrustful of using the token system, than they was before?

I just always put the date in my token. So my tokens look like this. "Doing escrow of 1million nxt for Thames 30/06/14"

If i do this, and i still have a large amount of nxt on my account and my token checks out, you can trust it.

VanBreuk · « **Reply #15 on:** July 01, 2014, 02:34:03 pm »

Quote from: Thames on July 01, 2014, 10:31:16 am

So, after reading Anon's and VanBreuk's posts re token, who is now more confused and distrustful of using the token system, than they was before?

Tokens prove the ownership/access to a Nxt account in the moment the custom token is generated. When accounts have been publicly linked to someone, the only concern is whether the Nxt account has been compromised in that moment and the original owner of the account hasn't found out yet, or is locked in a basement and cannot report it.

So tokens work to a certain extent to digitally sign a message, but the really sensitive moment may be right before the transfer to the escrow account is made. If in that moment the sending party believes the escrow account may have been compromised for some reason, additional proof-of-identity can be provided as the token prior to the transfer is issued. The message including the custom token string can be PGP signed, or contact by email/skype can be made with escrow to confirm they are issuing the token themselves.

DoM P · « **Reply #16 on:** July 17, 2014, 06:05:23 am »

For those who think buying at BTer is hard, or long, or will either crash the prices or make it skytocket, here's what I did last night (night for me, GMT+1):

So I wanted to buy 32 btc worth of Nxt. First, I checked the market state :

1. The top sell order (my top exchanger) at 6905 sat.
2. Selling for 4 btc
3. The top buy order (my top competitor) at 6844
Also, I got a quick look at the recent trade history. That doesn't look too good: Small amounts only. This may take time.

Then I start buying:

1. I click on my balance. It automatically fills in the amount of Nxt
2. And I decide of the price. Somewhere close to the top seller's price, since I want to buy large amounts.
Note: I can do that because Nxt is on a downward trend. If it were the opposite, I'd buy at a higher price to meet the demand.

My buy order appears:

And, slowly, I start buying. First buy at 05/45, at 0.6810 sat?
Last at 11:57 at 6900 sat

So please, don't tell me you can't get rid off 100K Nxt or can't buy them through an exchange.

TwinWinNerD · « **Reply #17 on:** August 16, 2014, 07:25:05 am »

0.9% uncapped is pretty steep rate

nickelback65 · « **Reply #18 on:** March 05, 2015, 04:44:18 pm »

Hello friends,

I have an amount of Nxt on the Bittrex exchange that I am trying to move into my my.nex wallet at this time.

Bittrex told me that my.nex account must have a previous deposit of Nxt before withdrawing and suggested that I use the Nxt faucet.

The Nxt faucet is presently offline and I'm wondering if there are other options.

Please advise.

bizz · « **Reply #19 on:** March 05, 2015, 05:18:52 pm »

Quote from: nickelback65 on March 05, 2015, 04:44:18 pm

Hello friends,

I have an amount of Nxt on the Bittrex exchange that I am trying to move into my my.nex wallet at this time.

Bittrex told me that my.nex account must have a previous deposit of Nxt before withdrawing and suggested that I use the Nxt faucet.

The Nxt faucet is presently offline and I'm wondering if there are other options.

Please advise.

Just post your address will send you some.

Normal exchanges should ask you for public key if your account is new btw. Don't know why they don't.

News:

Author Topic: Direct exchange guidelines (Read 21625 times)