News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

AskWoody Free Newsletter Logo
ISSUE 18.21.F • 2021-06-07

In this issue

PUBLIC DEFENDER: Buying crypto? Watch out for these 100 problems

MICROSOFT: The next Windows

Additional articles in the PLUS issue

LANGALIST: OneDrive’s two Documents folders; missing menu items

PROFILES: Who is Susan Bradley?

BEST UTILITIES: Freeware Spotlight — ShellBag AnalyZer + Cleaner

PATCH WATCH: BSODs point to driver issues with feature releases

ADVERTISEMENT
WinXDVD 15th Anniversary Deals

Get DVD/Video Converter, iPhone Manager for Only $19.95 – WinXDVD Anniversary Deals

WinXDVD is enjoying its 15th year with up to 70% discounts on its top products WinX DVD Ripper Platinum, WinX HD Video Converter Deluxe, WinX DVD Copy Pro, and WinX MediaTrans.

For only $19.95, the first 50 buyers can get any of products you want. After that, it’s $29.95 for the next 150 and $39.95 for the next 200. The earlier you buy the higher the savings. Hurry up to grab your deals now!


PUBLIC DEFENDER

Buying crypto? Watch out for these 100 problems

Brian Livingston

By Brian Livingston

People in the tech industry tend to find cryptocurrency very attractive as a concept. After all, crypto coins are totally digital — there are no paper bills or metallic coins to handle — and you can transfer these “digicoins” to anyone in the world, instantly (in theory).

The reality is that digital money is prey to all kinds of hacks and cons. Many people have lost their life savings because they converted their hard currency into crypto and got hacked. Bad actors used one security flaw or another to transfer the victims’ funds to themselves.

Allow me to give you some guidance that can hopefully help you avoid scams while you hold crypto, if you have a specific reason to do so.

Blockchain is the new Pet Rock, Hula Hoop, and Beanie Baby

Talking about cryptocurrencies always gets around to the concept of a blockchain, so we might as well get clear on what that means. (See Figure 1.)

Figure 1
Figure 1. A public blockchain is an uneditable, digital record of every transaction (block of data) that has ever occurred. A private, redactable blockchain might have virtual “padlocks” to allow the removal of certain transactions.  Source: Accenture

A public blockchain is an unchangeable, widely distributed digital ledger that preserves all transactions (blocks) in the order in which they occurred. Different blockchains have been set up for bitcoin, ether, dogecoin, and many other crypto coins.

A private blockchain might be limited to authorized users, such as the employees of a company or a nonprofit organization. Such a blockchain could be redactable, allowing authorized admins to correct errors or reverse transactions. A technique for editable ledgers with digital “padlocks” between data blocks has been proposed by consulting firm Accenture and Stevens Institute of Technology professor Giuseppe Ateniese in a PDF.

A blockchain being uneditable doesn’t mean it’s secure. For example, a Swiss-registered investment pool called The DAO (Decentralized Autonomous Organization) raised $160 million through ether in May 2016. On June 17 of that year, a hacker transferred $50 million to himself. To steal that much ether, he wrote code that avoided sending messages to the system about the number of tokens he was moving (see Phil Daian’s analysis of the code):

if (p.splitData[0].newDAO.createTokenProxy.value(fundsToBeMoved)(msg.sender) == false)

Because of The DAO’s 28-day waiting period, the theft could be mostly reversed, but only by a so-called hard fork: an entirely new blockchain that excluded the hacked transactions. Under The DAO’s “consensus” model, however, approximately 15% of the voting stakeholders refused to accept the fork. This created two separate blockchains, each with its own coins: the reborn Ethereum and Ethereum Classic, as explained by the Brave New Coin blog.

The split allowed the thief to keep a few million dollars’ worth of ether, at least temporarily. By the end of 2016, DAO tokens had been delisted by major crypto exchanges. The US Securities & Exchange Commission (SEC) ruled in July 2017 that DAO’s offering was an illegal, unregistered security. The effort folded soon thereafter, as described in a Medium article.

As far as corporate ledger chains go, “Private blockchains are completely uninteresting,” says Bruce Schneier, a noted cryptographer and a board member of the Electronic Frontier Foundation. “Consensus protocols have been studied in distributed systems for more than 60 years,” he adds. “The only reason to operate one is to ride on the blockchain hype.”

Most people will never set up a blockchain. But millions of people are using cash and credit cards to transfer their hard currencies, such as dollars and euros, into crypto coins. Do those digital currencies have problems? I’m glad you asked.

Crypto is just code, and code can be hacked

Cryptocurrencies do serve at least one legitimate need. Individuals sent $715 billion across international boundaries to relations in other countries in 2019, according to World Bank estimates. But the old-line service is dominated by Western Union, MoneyGram, and RIA. Remittances can take up to five business days, and the average transaction fee is 7.45%. The fee can be 15 points higher for remittances to some African countries, a 2018 EU report says.

Crypto remittance services can be faster and charge lower fees. Local offices routinely convert coins into the recipient’s local currency. But whether or not you make cross-border transfers, it’s important to know that holding crypto for long exposes you to certain risks.

Steve Wozniak by The Economic TimesSteve Wozniak (left), a co-founder of Apple — and a tech-savvy individual, by all accounts — recently had seven bitcoins stolen from him, at a time when his coin collection was worth approximately $70,000.

What super-sophisticated hack was capable of separating Wozniak from his valuable digital assets?

Nothing sophisticated at all. “Somebody bought them from me online through a credit card, and they cancelled the credit-card payment,” he said at the 2018 Global Business Summit in New Delhi, sponsored by The Economic Times of India.

“It was that easy! And it was from a stolen credit-card number, so you can never get it back,” he added. Just try telling a credit-card telephone rep that you sent virtual currency to someone, somewhere, and you want it returned.

(Department of Happy Endings: On December 4, 2020, Woz used the Singapore-based HBTC crypto exchange to sell his own token, WOZX. The offering raised $950 million in the first 13 minutes of trading, a huge increase from its $80 million starting valuation. To avoid SEC regulation, buyers couldn’t use US crypto exchanges, according to a Yahoo Finance story.)

You don’t have to be an Apple legend to get your crypto coins stolen, of course:

  • Apps transfer crypto to hackers. iPhone user Philippe Christodoulou downloaded from the Apple Store a “Trezor” app to manage his bitcoins on a special USB digital wallet he’d purchased from the Czech manufacturer Trezor. He blames Apple for distributing the fake app, which immediately stole $600,000 worth of his bitcoins. According to a Washington Post story, the app was downloaded from the Apple Store around 1,000 times between January 22 and February 3, 2021. Apple spokesperson Fred Sainz says, “Study after study has shown that the App Store is the most secure app marketplace in the world.”
  • It isn’t just the Apple Store. Coinfirm, an anti-money-laundering service, told the Post that it knows of three Android users who’ve lost a total of $600,000 from phony “Trezor” apps, in addition to five iOS users who’ve lost $1.6 million.
  • You can’t even trust crypto that’s given away for free. A common scheme involves crypto groups offering a few coins “for nothing.” These promotions are known as crypto airdrops. Beware! Promoters may ask you to enter your email address, a bank-account number, a password, or — worst of all — the private key to your crypto wallet, exposing you to a total loss. Twitter user Voland04 tracked or participated in hundreds of airdrops over a six-month period, reporting in 2019 that only a dozen or so paid the promised tokens and “only about 5 have real value.”
  • Cryptocurrency scams have grown 1,000% in 12 months. The reported losses by Americans alone due to crypto crimes totaled more than $50 million in the first quarter of 2021. That’s 10 times more than the same period one year earlier, according to a Federal Trade Commission report.

“For every legitimate business online, there are probably five scammers out there trying to act like they are someone they are not,” says David Johnson, CEO of crypto startup Latium.

The magic beans you buy may mysteriously vanish in a rug pull

The most outrageous scams involve companies that set up a new blockchain, create a website to promote the related coin, hire social-media celebrities to flog it, collect millions of dollars of hard currency from excited buyers — and then disappear with the money.

Crypto bloggers call these vanishing acts rug pulls. That’s shorthand for “having the rug pulled out from under you.” But coin boosters avoid using a much simpler term: rip-offs.

  • Fairmoon, called a “fair community crypto” (symbol: FAIR), lost 96% of its value on May 18, 2021, when insiders vanished with millions of dollars’ worth of tokens. As I write this, FAIR is trading for only $0.0006 (six one-hundredths of a US cent), but there hasn’t been a single trade in days. The coin’s organizers had thoughtfully hired the head of a prominent anti–rug-pull movement as an auditor, but he was immediately accused by the promoters of pulling the heist himself, according to an Investor Place article.
  • The developers of Compounder Finance (CP3R) disappeared with more than 10 million dollars’ worth of crypto on December 1, 2020. The CP3R token had hit a peak of $80.18 on November 24, three days after its launch. But the price was sucked down to $0.55 by December 3, a loss of 99%, says a CoinDesk story. In this case, an auditing team named Solidity Finance had tweeted on November 19 a link to a report mentioning that the CP3R code “doesn’t provide full protection.” The developers used that very opening. The tweet and the report have been deleted. Only a chat log PDF about the audit remains online.
  • The CEO of Turkey’s largest crypto exchange flew to Albania with $108 million. Some 400,000 Turkish users had transferred their money to the Thodex exchange to escape the lira’s 16% annual inflation rate. After the April 23 theft, Turkish authorities detained 83 people connected with Thodex, including the CEO’s brother and sister, according to a News Binding article. At this writing, the CEO’s whereabouts are still unknown.
  • More than 80% of “initial coin offerings” (ICOs) are outright scams. Just considering coins that had a market capitalization (total invested) of $50 million or more, 81% were complete frauds, according to a 2018 study by Satis Group. Another 11% of ICOs did exist but failed to ever get listed on any crypto exchange. The remaining 8% managed to get to the listing stage, but only 2% could be categorized as “successful.” The smaller a coin’s market cap, the worse its likelihood of success.
  • Over 400,000 fraudulent crypto websites existed in 2020. After scanning 300 million sites, fraud-prevention firm Bolster determined that hundreds of thousands of them featured fake celebrity endorsements, “double your money” rebates, and other cons. A 75% increase to 700,000 such sites is expected this year. The phony pages include the likenesses of Tesla’s CEO Elon Musk, the Gemini Trust’s Winklevoss brothers, and other boldface names, according to a Business Wire press release. (See Figure 2.)
  • No, celebs such as Musk don’t know which coins will go “to the moon.” American hip-hop star Soulja Boy accidentally revealed on May 26 that he would be paid $24,000 by a new crypto called SaferMars. The payoff would come if the coin raised $240,000 via the rapper’s tweeting favorably about it to his 5.2 million followers, the Coinfomania blog revealed. The money may not be worth it. The SEC has levied punitive fines of $150,000 to $600,000 on actor Steven Seagal, boxer Floyd Mayweather Jr., music producer Khaled Khaled, and others for promoting various digicoins without revealing their incentives.

Fake Gemini Foundation offer
Figure 2. This FAKE website, which is NOT authorized by the Gemini Trust or the Winklevoss brothers, looks real. But the site instructs you to send crypto coins to a hacker’s wallet, and the Gemini Trust will supposedly transmit DOUBLE that amount back to your account. Yeah, right.  Source: Bolster

How to guarantee that a crypto investment won’t con you

I wish I could say there’s a foolproof method to ensure that a purchase of cryptocurrency is legitimate and safe. But I can’t. There are simply too many ways that promoters of a virtual currency can — to coin a phrase — pull the rug out from under you. If I told you, “XYZ is fine,” some scandal or rip-off would quickly make a liar out of me. Sorry.

We’re in the snake-oil, Wild West days of virtual currencies. In the late 1990s, companies could add “dot-com” to the end of their names, and their shares would immediately rise 100% on a stock exchange. Today, social-media celebrities just saying “our new coin is going to the moon” is enough to get starry-eyed true believers to pour their hard-earned hard currencies into the latest shiny bauble. (At least gold coins, which are also shiny, actually exist and will always retain some value.)

There are several legitimate crypto exchanges, of course. But if you find one that you feel sure of, please follow the same rule that you’d use with any other speculative investment: risk only a small amount of “play money” that you wouldn’t really mind losing.

Do you know a secret that we all should know? Tell me about it! I’ll keep your identity totally confidential or give you credit as you prefer. Send your story via the Public Defender tips page.
Join the conversation! Your questions, comments, and feedback about this topic are always welcome in the AskWoody Lounge!

The PUBLIC DEFENDER column is Brian Livingston’s campaign to give you consumer protection from tech. If it’s irritating you, and it has an “on” switch, he’ll take the case! Brian is a successful dot-com entrepreneur, author or co-author of 11 Windows Secrets books, and author of the new book Muscular Portfolios. Get his free monthly newsletter.


MICROSOFT NEWS

The next Windows

Will Fastie

By Will Fastie

What is it? We don’t really know.

By now, the news is out that Microsoft will host a livestream event on Thursday, June 24, 2021, at 11 a.m. Eastern Time. The event does not have a title; the livestream page on Microsoft’s site just says, “Join us to see what’s next for Windows.”

Speculation about this event is already starting to ramp up, and it’s just that — speculation. Microsoft isn’t talking. Is it Windows 11? Microsoft didn’t say that, and there doesn’t seem to be any leak suggesting it — only a video in which the shadow from a window is missing the
horizontal muntin, allowing the shadow to suggest “11.” Strong evidence, indeed.

From what I can tell so far, most of the speculation comes from the keynote address given by Satya Nadella, Microsoft’s CEO, at the Build Conference held May 25 to 27. The theme of Nadella’s speech was multi-everything — multi-cloud, multi-edge, multi-sense, multi-device — all infused with AI. Part of that message boiled down to collaboration, the ability to use any device to engage with any project, person, or team. The Teams app was given special mention, with Nadella touting “145 million daily active users.”

He also mentioned 1.3 billion Windows 10 users.

His address targeted developers (it was the Build Conference, after all) and the enormous opportunities they would have over the next ten years. He said that in digital companies, “developer workflow influences how the entire company works.” And he talked about something he called “tech intensity.” He also repeatedly mentioned trust, going so far as to remind developers about “responsible AI.”

You can watch the entire keynote on Microsoft’s Build site.

I’d love to speculate about the content of the June 24 event. The only thing that springs to mind is collaboration. I say this because the 2020 lockdown, not quite over yet, resulted in a digital transformation. The trend since Apple released the iPhone in 2007 has been away from traditional PCs and toward small devices. But the pandemic shifted that; sales of desktops and laptops were up last year, considerably. People couldn’t work from home with just a smartphone — they needed more power, more elbow room, more oomph in general. Windows is at the core of “more,” so it stands to reason it would get some attention.

Tune in to the livestream on June 24 to find out if I’m even in the ballpark. And then we’ll talk again.

By the way, if you are interested in the Build Conference, you can watch any of the sessions on demand and at no cost.

Join the conversation! Your questions, comments, and feedback about this topic are always welcome in the AskWoody Lounge!

Will Fastie is editor in chief of the AskWoody Plus Newsletter.

Stories in this week’s PAID AskWoody Plus Newsletter
Become an ASKWOODY PLUS member today!

LANGALIST

Fred Langa

OneDrive’s two Documents folders; missing menu items

By Fred Langa

One of the most confusing aspects of OneDrive’s operation is its creation of a second Documents folder.

Plus: What about OneDrive’s encrypted Personal Vault?

PROFILES

Chris Husted

Who is Susan Bradley?

By Chris Husted

In a fast-changing world where new apps and devices are released by the month and updates by the week, all driven by a vigorous dose of planned obsolescence, it comes as a blessing to meet someone who keeps the big picture in mind while making sure the day-to-day essentials are looked after.

BEST UTILITIES

Deanna McElveen

Freeware Spotlight — ShellBag AnalyZer + Cleaner

By Deanna McElveen

I don’t want to know why you need to clean your computer-usage tracks, but if you thought you were cleaning all of them … you weren’t.

What are shellbags, and why should you care about them?

PATCH WATCH

Susan Bradley

BSODs point to driver issues with feature releases

By Susan Bradley

Sometimes a BSOD is trying to tell you something

AskWoody subscriber BD reported that every time he upgraded to 20H2 on two of his three computers, the process did not end well.


You’re welcome to share! Do you know someone who would benefit from the information in this newsletter? Feel free to forward it to them. And encourage them to subscribe via our online signup form — it’s completely free!


RoboForm box

Like what you see in the
AskWoody FREE newsletter?

Become a PLUS member!

As a Plus member, you’ll receive the full newsletter, including all our great content about Windows, Microsoft, Office, 365, PCs, MS-DEFCON Alert notifications, useful and safe freeware, and Susan Bradley’s sought-after patch advice. Plus membership also allows continuous access to the complete archive of nearly two decades of Windows Secrets and AskWoody Newsletters.

Naturally, Plus members have all the benefits of free membership, including access to the popular AskWoody forums.

The cost? We’re supported by donations — choose any amount for a one-year membership. Every little bit helps.

 Join AskWoody PLUS Today!


Publisher: AskWoody Tech LLC (sb@askwoody.com); editor: Will Fastie (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Your subscription:


Copyright © 2021 AskWoody Tech LLC, All rights reserved.