Attention New measures to stop scams and dishonest behavior in the Exchange

As a seller, I don’t let people use G&S. As a buyer… I’d rather have the % or the seller have the %… just not big corp.

I offer multiple ways to pay (cash, personal check, USPS MO,… I might even take a box of apples… just not G&S.

Need to rely on ad pics, description, feedback/reputation + parcel insurance.

If you’re going to buy something expensive from seller with no/low/bad feedback… your gut is telling you something. Listen to it.
 
Not being able to edit… don’t like it at all.
Nanny state.
Break rule —> warn —> break rule again —> put on restriction… repeat / increase punishment. It’s worked for humanity for ages.

If you need more mods, get more mods. Create a criteria, solicit volunteers, interview, decide, done.

Not knowing what something is worth… it’s nobody’s job to teach you… it’s your job to watch & learn. Overpay once? Good… you learned something. Not all education is from books, nor should I be forced to spoon feed anyone.

I don’t approve of catering to the lowest common denominator. It stifles excellence… and is poor leadership. (get more mods)

Can BFC create a watermark for ad pics?
You already have the data:
Member
Date
Forum

Having every seller write notes by hand, into perpetuity, is wasting everyone’s time & resources. A one time, data driven engineered solution, would be way better.


As a seller, I don’t let people use G&S. As a buyer… I’d rather have the % or the seller have the %… just not big corp.

I offer multiple ways to pay (cash, personal check, USPS MO,… I might even take a box of apples… just not G&S.

Need to rely on ad pics, description, feedback/reputation + parcel insurance.

If you’re going to buy something expensive from seller with no/low/bad feedback… your gut is telling you something. Listen to it.
RE: Rule 1
We've had several cases in which a scammer gained access to the account of a long term member who had good feedback, because the member had used the same credentials across multiple web sites, and another site had a data breach. The scammer obtained data from the breach to log into the member's account, then used that account to scam buyers. This rule is an effort to protect buyers from such an event.

If you sell often enough that writing your name, date, and "BF" on a piece of paper is a hardship, you might consider a commercial membership. These new rules don't apply to them.

RE Rule 2.
It is extremely difficult to find early reposts once a seller has erased their original sales post. Freezing the sales post is the best method we could think of to prevent that. The 14-day repost limitation gives every seller equal access to the exchange. Enforcing that rule helps us offer a level playing field to our members.
 
Not being able to edit… don’t like it at all.
Nanny state.
Break rule —> warn —> break rule again —> put on restriction… repeat / increase punishment. It’s worked for humanity for ages.

One of these is proactive, and the other is reactive. “Nanny state” has nothing to do with it. We’re dealing with scammers- people who shouldn’t be here to begin with. People who hack other upstanding member accounts. The idea is to keep them from scamming the first time, not punish them after they’ve scammed.

ETA: never mind- I see Frank addressed this already.
 
RE: Rule 1
We've had several cases in which a scammer gained access to the account of a long term member who had good feedback, because the member had used the same credentials across multiple web sites, and another site had a data breach. The scammer obtained data from the breach to log into the member's account, then used that account to scam buyers. This rule is an effort to protect buyers from such an event.

If you sell often enough that writing your name, date, and "BF" on a piece of paper is a hardship, you might consider a commercial membership. These new rules don't apply to them.

RE Rule 2.
It is extremely difficult to find early reposts once a seller has erased their original sales post. Freezing the sales post is the best method we could think of to prevent that. The 14-day repost limitation gives every seller equal access to the exchange. Enforcing that rule helps us offer a level playing field to our members.
RE Response to #1
Scammer gained access via reused and/or weak password.
Solve the problem, don’t treat the symptom.
Update password rules. It’s better to solve problems on the front end.

The piece of paper response is avoidance / deflection. The issue is not level of membership.

RE Response to #2
I understand this is a problem. I’ll reach out to another site owner I know and see if I can glean any helpful info.
 
We make the nanny state look good...even if it does make our asses look bigger.

The fact of the matter is that we work with the tools and the resources provided and available to us...the time and effort is provided gratis to the community.

When we have better options and tools, we will employ them. No one likes to see this community diminished. We are members here, some of us being part of the community before it even opened officially in the current incarnation. That's over a quarter century invested.

We will always be open to good ideas and will effort to provide the best experience for everyone within the limits of our capabilities.
 
When we have better options and tools, we will employ them. … within the limits of our capabilities.
This is a big part of the problem. Lack of high level site support… owner response to client request. I know there’s only so much you can do with the provided tools. I’m sure it’s a battle to obtain them.
 
RE Response to #1
Scammer gained access via reused and/or weak password.
Solve the problem, don’t treat the symptom.
Update password rules. It’s better to solve problems on the front end.

The piece of paper response is avoidance / deflection. The issue is not level of membership.

RE Response to #2
I understand this is a problem. I’ll reach out to another site owner I know and see if I can glean any helpful info.

Why do you have such a big problem with a hand written time stamp? Are you a part of any other forum that sells? I am.. some do require this. Who cares? It takes 30 extra seconds and one more pic.
 
Is it possible to force reset everyone’s passwords? Makes everyone’s account log out, and the next time they sign in, they have to go through the “I Forgot My Password” process. And when they log in again, they are sent to the new sales rules post, have to read it, acknowledge that they understand the new rules, and then they go through warning phases with timeouts in place if they don’t follow the process. Seems easy enough to me.

Admins (Blues, knarfeng): is this a possibility?
 
Is it possible to force reset everyone’s passwords? Makes everyone’s account log out, and the next time they sign in, they have to go through the “I Forgot My Password” process. And when they log in again, they are sent to the new sales rules post, have to read it, acknowledge that they understand the new rules, and then they go through warning phases with timeouts in place if they don’t follow the process. Seems easy enough to me.

Admins (Blues, knarfeng): is this a possibility?
Spark has been considering doing so (the forced log-in), but has put it off, at least temporarily, for reasons.
 
I deal with customers and passwords daily. All I can say is that customers/people will almost never follow best practices on passwords and the more you force resets, the more simple they make the password. The hardest part to teach people is that, yes, they are a target. Everyone is a target these days, not just the big fish. Some people can only learn the hard way, and sometimes not even then.
 
Spark has been considering doing so (the forced log-in), but has put it off, at least temporarily, for reasons.
Great. And could there be a minimum password requirement? Would be worth it to prevent as many future hacks.

Just trying to make helpful suggestions. Used to help run/Mod a car forum many moons ago.
 
Great. And could there be a minimum password requirement? Would be worth it to prevent as many future hacks.

Just trying to make helpful suggestions. Used to help run/Mod a car forum many moons ago.

All such would have to be promulgated from on high. We have no control of the primary software settings and options.
 
Is it possible to force reset everyone’s passwords? Makes everyone’s account log out, and the next time they sign in, they have to go through the “I Forgot My Password” process. And when they log in again, they are sent to the new sales rules post, have to read it, acknowledge that they understand the new rules, and then they go through warning phases with timeouts in place if they don’t follow the process. Seems easy enough to me.

Admins (Blues, knarfeng): is this a possibility?
We already did that in recent memory.
 
Why do you have such a big problem with a hand written time stamp? It takes 30 extra seconds and one more pic.
Because it’s not a guaranteed effective solution against photoshopping/digital manipulation. And…

Code could be written/borrowed to add watermarks. Say it takes two hours to develop & implement. That’d be 240 of the 30 sec intervals.

If there’s 240 ads placed (notes written) in a day… the engineered effort saves energy, resources and time starting on day two. A data driven engineered solution makes more sense.

Think of it like a screwdriver vs. drill.
Are you a part of any other forum that sells? I am.
Yep, I am. And, its programming is waaaay better. But, that site’s owner (developer) has full control. Spark doesn’t have full control. He has someone else’s product & this limits what can be changed. Even if it’s the best idea in the world… and seems easy to implement… the software owner can say no.
 
Because it’s not a guaranteed effective solution against photoshopping/digital manipulation. And…

Code could be written/borrowed to add watermarks. Say it takes two hours to develop & implement. That’d be 240 of the 30 sec intervals.

If there’s 240 ads placed (notes written) in a day… the engineered effort saves energy, resources and time starting on day two. A data driven engineered solution makes more sense.

Think of it like a screwdriver vs. drill.

Yep, I am. And, its programming is waaaay better. But, that site’s owner (developer) has full control. Spark doesn’t have full control. He has someone else’s product & this limits what can be changed. Even if it’s the best idea in the world… and seems easy to implement… the software owner can say no.
I think the only effective solution is to track down every scammer… I’ll get the drones ready.

 
This is what makes it so difficult. They’re controlling known accounts with years of positive feedback, and are even going through and reading posts and messages in the account to get a feel for how the user typed and what they’re doing or selling.

They almost got me on a custom knife I was having made but what threw me off was the knife maker asked for a rushed payment late at night because of “material costs”. I thought it was odd so I didn’t respond, but the scammer knew I was working with this member to have a knife made and tried to get me to pay him through DM.
It is harder to tell when they hack established accounts, but when I’ve seen this happen there’s no recent feedback on the account. It may be 1-5 years since the last feedback was received which should be a red flag. When this is the case I request a video time stamp and ask more questions.

Or, if they have one piece of recent feedback only, I cross-check the account that left that feedback to make sure they’re not using a network of hacked accounts to make each other look legitimate by bolstering feedback stats. So far that has only been a hypothesis of something that could happen and not something I’ve ever detected.

It sucks to have to be this careful and I can totally admit that. But, it sucks way more to get robbed in a place you thought was safe 👍🏻

P.S. I’m strongly in favor of the edit limitations as I feel prices should not be allowed to be removed nor should people be able to delete a whole long sales post to just leave the single word “sold”. I can’t stand that lol
 
Requiring the user password to be reset once a year and requiring the user to reauthenticate their acct details from time to time are also noteworthy ideas. All web based financial services that I use have been utilizing these practices for a long time. Now that I think of it, that could also be used as a signal to delete an unused acct. No activity or password resets for a given amount of time, delete.

I'm surprised goons are breaking into people's accts on an enthusiast forum. This place is supposed to be fun. I had no idea we were seen as lucrative targets. Lol
 
2 factor authentication makes me re-login with a code every 30 days.

Simple.......if you haven't logged in the past 30 days just make all profiles require 2 factor.

But a good portion of this site never reads anything and will whine and moan about "2 factor".
 