 Your first name is Alan? Okay. What's your last name? Stella, please? We were saying a lot of stuff about... I mean, the second person's B.A.R. I did the training... Oh, the girl group. Right, cool. You're gonna be able to answer our questions about... Yeah. I'm gonna have him call in, okay? Oh, um... And then, for the sky... We couldn't hear unless I put the mic there. Do we have another little phone to put there? Yeah, whatever. We're... So, uh... Let's just start. Let's keep doing that. Okay, hold on, hold on one second. Okay, yeah, I need you to clip it right here. And I need you to raise the level so that you can hear that in this case. It makes sounds very good. Yeah, everybody loved it when I did that. Yeah, that's cool. But they can't hear you because they couldn't hear you. Is there another lapel we could use? It's supposed to exist. It's not plugged in. Ah, crap. Another lapel. No, don't worry about that. We'll fix that later. So, when I speak, I'll just clip it in very fast. I think you're doing fine by going like this. You don't have to clip in. Okay. Okay. Then, just leave it on that shot and leave the cameras on, please. Okay. All right, Adam. Hey. Okay, and actually we're not going to use the script, so... I'm going to probably just clip this. Okay, oh wait, here we are, aren't we? Jared, are we still... I forgot. Hang on one second. Are you still there, Jared? Wait a minute. Okay, there. Sure, are you there? Yeah, you're still there. Okay, cool. So, are we ready? Ed, here's the camera on. Okay, check that it's broadcasting and recording. Is it broadcasting and recording? Ed? Yes. Okay, here we go. All right. In five, four. Okay, welcome back to The Bitcoin Show. This is what episode? What are we in now? Five? 4.5? We are back. And we have with us on the line from Tokyo. Adam, I need to lower third. Ed, back to the lower third. Sorry. Hang on one second. Back on the other one. There we go. Adam Barr, B-A-R-R from Mt. Gox. 
And also with us is Jared Kenna via Skype from Trade Hill. So, Adam Barr is with Mt. Gox. And again, Jared Kenna is with Trade Hill. Adam, you're in Tokyo, right? You're doing what to the mesh? Oh, waking up to the mess. Oh, my gosh. So this happened overnight while you guys were sleeping? They came here. Hold on. You can hear? Can't hear anything. Okay. Well, maybe I have to speak up really loud. Is that the speakerphone? Is my mic on? My mic's on. Okay, pull my levels up high. Okay. All right, Adam. It sounds like your mic is off. Is my mic on, Ed? You can hear me. Okay. Go ahead, Adam. Say something. Can you hear Adam? Ed? You can't hear Adam. That's weird. I don't know why. All right. So, Adam, you said you're the e-mail guy? You support my store and respond to e-mail. Oh, okay. So, the... I understand, you know, Mark is not a native English speaker, so he'd prefer for you to field the questions. How... Are you responsible for any of the technical stuff, or are you... or just, like, kind of customer service type of e-mail stuff? Mostly the... Okay. You know, obviously they're... Repeat. Repeat. Okay. This is what we kind of can, because you mostly deal with customer service. Is that what you're saying? They can't hear anything. Okay. I'll tell you what, are you able to get on Skype? Do you have that ability right there? They're saying that they call me here through my mic. Can you hear me, Ed? Is my mic on? They're saying that they can't hear me. The guy on the left, that's you. Hold on. Oh, it's because mine is much, much more louder. Volume problems. Okay. So I'm Bruce, and this is Manny. Which one can't you hear? Swap mics. Yeah. It goes from the right guy's voice. Doing it. Dude on the left, hold your mic up to the phone. That's...are you talking about me? No. Okay. I'm on the left. Okay. Manny. This switch mics, mine is much more sensitive. Yeah. You probably have a level set differently over there. The slider. Hold on. Technical difficulties. Okay. 
How about this? Can you hear me better now? Is that better? Good. Better. Okay. Yeah. Ed, you got the level set differently over there. All right. We're learning. It's a learning experience. We got all new equipment this week. So, all right. I'm going to go like this. All right. Now, how about now, say something? Okay. Okay. In the chat room. Can you hear now? Can you hear Adam? Say something, Adam. Way better. It's not Ed's fault. Don't blame Ed. All right. Cool. Okay. So, let's start over a little bit because people are wondering what's going on. There's a million questions afoot, and I know it's morning there in Tokyo, but obviously it's not serious and important to people because we're talking about a lot of money. So, and I know that Mark is not a native English speaker, so he preferred to have you speak because you are. And so, he is at the harm line. Oh, he's right there. Okay. That's good. If you've got any hard questions, I can always divert to him. Okay. Cool. So, what's the deal? Is this a simple matter of brute force attack passwords of some of the users' accounts? Notice what it looks like in our system. They've got read access, read only access to the database. It looks like someone compromised their personal through that. So, it doesn't look like, I know a lot of people have been speculating that, oh, it's a SQL injection, or, you know, it's been brute force, or there's some other vulnerability. It's not the case. It doesn't look like we've got access to the database. I'm asking in the chat room, why would you allow your database to be accessed off-site? Right, like, is that, you're talking about at the hosting? Actually, I don't have, like, our servers aren't with us here. They're, I think, currently in the state, so technically, I think everything's off-site. Okay. So, what they wanted to know was why an auditor had access to anything but the site's code, like the user database. Oh, sorry. Okay. 
So, they're asking why would an auditor, a site auditor have access to anything besides the code? Why would they have access to the actual user database? Let me just check that question for you. Two seconds, please. Okay. Raise his level, Ed. Raise his level on the slider. Mm-hmm. Financial audits, not the security audits. Financial audits, not security audits. That's why. Okay. Yeah, okay. So, that's, it's a financial audit you're referring to. Why does he need live data for that? They're asking. Why, sorry, why do we need, why would he need live data? Well, if I guess for a financial audit, he would need live data, wouldn't he? Okay. Yeah, I don't know, to be honest. How many bitcoins were stolen? Or how many dollars were the bitcoins? How does it compare with the normal... So, there is one account with... I'm sorry, can you say it again? We don't, we don't have an exact count, but we know, yeah, that was sold off. As far as how much money has been lost, I think it's to the tune of about $1,000 that was withdrawn, but because we're going to be reverting back with the trade, hopefully we're going to be trying to track down the day right now. I don't think we have an exact number. Okay, and then... We know for actual dollars, it's going to be whatever was withdrawn from that account. About $1,000 a day because of that limit. And what about, I was going to say, oh, people, obviously you're going to roll back the transactions. We know that. What about somebody who made transactions and then they withdrew $1,000 worth in the meantime? What's going to happen there if they've already withdrawn the money that they had in there? Yeah, I don't know if we hit that on the head yet. What exactly are we going to do? Hopefully, like, what we will be doing is, as we figure these kind of hard questions out, is update the website or communicate to the user base, so I'm going to answer for you right now, but... Okay. At what price point were those Bitcoin stolen at? 
Oh, at what price point were the Bitcoin stolen at? What does that mean? I don't know what they mean by that. I don't know. They were just Bitcoins. Oh, you mean like if they withdrew $1,000 worth of Bitcoin at what price point? A penny of Bitcoin? That would be $1,000 Bitcoins. $1 USD limit? Yeah, it's a US dollar value. Yeah. Yeah, it's the US dollar value. So, like, if they withdrew, I mean, you may not know that yet, but if somebody withdrew Bitcoins, $1,000 worth of Bitcoins, was it $1,000 worth of Bitcoins at a penny apiece or at $0.10 apiece or at $20 apiece, you know what I mean? Oh, okay, gotcha, gotcha. Yeah, the daily limits, you know, $1,000 USD, so good question on how much was it was actually worth in Bitcoin. It was about, just getting from Mark here, maybe $1 to $200 Bitcoins, so it wasn't at the... $1 or $200, okay. Yeah, it wasn't at like $1 cent. Right. Okay, well that's good. I read that, and I think it was a statement there, that most of the Bitcoins that you have are stored offsite. Yeah, they're not. I don't know, we've got some different security measures that we use, so... So did the compromise arise out of the financial audit? Did the compromise arise out of the financial audit? Is that what you're saying? During this financial audit, someone got access to that computer? I mean... Wasn't it just that that person does have access to the database to perform the audit? So, whoever... I'm not sure how they knew this, but they essentially compromised the computer and then were able to compromise the website, or the database, sorry. Well, speaking for the customers of Mt. Gox, what kind of people are doing your financial audit that would not make the database better? Are these people trustworthy? Obviously not. Or something, if they let it into somebody's hands who are going to hack into the database and misuse it, how are you finding people to do this financial audit for you? Let me just ask... 
Jared, I just want to say our program is available later. If you want to get him on the phone, he can answer one of the technical questions I'm sorry, Adam. Okay, that was Jared. What were you saying, Adam? Yeah, sorry. As far as people doing the audits, which was only one, we do have a contract with them on disclosure still. We did all the right paperwork to make sure things were correct and there's only so much you can do in hindsight. So, everything as far as who's going to be able to access this kind of stuff. Yeah, for sure, obviously. It's hard to know who you can trust when... I mean, everybody has that issue. You never know who you can trust until you can't, and that's how you find out. Yeah, we're not... I don't think we're saying that this person isn't trustworthy just that they may not have taken the proper steps towards curing their computer, their system. How would their computer be compromised, compromised database? Was the database just available on the server for anyone who had local access to access it in the first place? And why was it stored in plain text? How was it stored? Can you hear that? A little bit, yeah, let me just ping that off Mark here, two seconds. Okay, good question was will the auditors be responsible for the losses? Unfortunately, yeah, we don't know how it was compromised yet. We're still investigating on that side what went wrong, and then obviously we've got our hands busy with trying to just... Right, here's a couple more good questions from our chat room. Someone says, is the auditing firm going to be responsible for the losses? And another one throughout to you is they say that I should be providing them only with a scrub database that has the user's identity separate from the financial records. Oh, I see. 
Yeah, whether or not they'll be held responsible, I guess we need to find out exactly how much they need to be responsible, or if that's even at play, so again, yeah, I don't have a good answer for you, but once you know what we're looking at, right now it's $1,000, so I'll certainly talk to Mark about that. I know we're kind of re-evaluating everything right now, so those kind of suggestions are definitely we'll put on the table. Let me say this, people in the chat room say your question only once. If you repeat your questions over and over with copy and paste, you're just going to be banned from the chat room, so because that's not helping anybody, say your question once and we'll be able to read them, otherwise you're going to be banned from the chat room. So they're asking about why would auditors have access to passwords, even hash passwords that should never be disclosed is what the comments are. What can you say about that? As far as I know, they just had read-only access to the database, I'm not sure the particular isn't. Yeah, I mean, the question is I guess why would financial auditors need any kind of access to passwords, even hashed passwords? Yeah, no, I understand the question. Unfortunately, I can't bring it off Mark right now, he's on the phone. Maybe, you know, what we can do is I'll take that line with Mark when he has got a few and then I can, you know, we are trying to communicate on the website, so we're going to get back with that. And people are also asking when yes, we are banning the spammers from the chat room as quickly as we can. We're kind of short staffed because it's a Sunday night in New York and so we're kind of running out of shoestring here, we weren't planning to broadcast today. There's another question that was about when will we get our money back? When the people do you have any idea and ETA on when the system would be back up and rolled back and secured? Yeah, good question. 
So I just updated the site saying that we're going to be migrating everyone to SHA 512 multi-iterated salted hashing, so what that means is just better and the system's back up. We don't know exactly, we've put it out for six hours from access to the account from before. Also you'll need to verify your email address password, you'll then be asked to update your account to a strong password. Once the system's up we're also hoping to do a withdrawal password as an extra kind of safety catch. Just stop any kind of big withdrawals just okay. You can hear Adam well okay Ed? Can you? Okay. Yeah, I mean somebody's asking okay, financial audit, well two things. What kind of a financial audit are we talking about? Is it a government audit or a private audit? And also are you, are there plans to have a security audit, a third party or even a fourth party security audit on the entire system? Yeah, I think we're definitely looking at getting people to do security audit goes without saying. As far as the financial audit, I'm not sure what the nature of that was. Mark just two seconds here. What about dynamic IPs? A complete question. What about dynamic IPs? Two things about authentication through static IPs I believe and they're asking what about users with dynamic IPs where every time they disconnect from their internet they connect again and then do it again. I got it. Okay. Okay, I see now I see a question that I'll ask and that one goes back here. Didn't answer Yeah, someone didn't register an email with Mt. Gox. Can they reset their password? There's a 432,000 baseline transaction Sorry guys. Yeah. Okay, so yeah, I just spoke with Mark. So yeah, as far as the auditor, they were auditing us to make sure that we weren't kind of leveraging our position I'm not sure how to put that that we weren't messing with the numbers and doing anything illegal on our end. 
Now we I just spoke with Mark and he was saying that it sounds like, yeah, we're probably going to be following up with lawyers and probably assuming them. So yeah, they are going to be held accountable for the breach in security. Lots of people are asking about this 430,000 Bitcoin transfer from Block Explorer that a lot of people are wondering if it was from Mt. Gox or saying that it was from Mt. Gox. You know anything about that? The 400 what was the number? 430,000 432,000 Bitcoin transfer Just 2 seconds That's the amazing thing isn't it amazing about Bitcoin that you can see someone's transfer I mean, imagine if I could just see when Chase transferred money to TD, you know, right before they went under or something. It's like that's such a weird phenomenon with Bitcoin, isn't it? Yeah The passwords were salted which I know salted is now We're ready to answer, yeah Okay, go ahead. Yeah, so it sounds like as kind of just a security measure we moved all of the Bitcoins like our, I guess you could say our wallet from the Mt. Gox over to an on-site backup so that was us just I guess moving everything so it isn't compromised later on. So it was moving it offline, you mean, right? Exactly. To secure it, okay That's what I had read, people speculating in it made a lot of sense I mean, you don't want to have everything on-site A lot of people want to ask about dynamic IPs as it's normal in Europe and even in the United States in a lot of areas what's going to be done for authentication for people with dynamic IPs that don't have the luxury of a static IP? Yeah, did you hear that? Speak up really loud because we can't hear too well. So he's saying that you're talking about static IPs for security, what about people with dynamic IPs, which is like most people Oh, sorry, you mean when they go to re-authenticate their account? Yes, right Okay, understood. 
Yeah, generally, just because it happened recently, I guess it would depend on when the last time they logged into their account was I know generally I'm not sure about in the States but I know in Canada the ISPs usually wait two weeks, more maybe before you refresh your or get a new IP address so I guess off in a month or two Yeah, maybe so yeah, it really depends on how many people are seeing with that issue and maybe we'll have to cook up something else to make sure that they can access their account Yeah, and people are seeing Exactly, a lot of people are saying they register their account with no email address on file, how can they be authenticated? I guess it's the IP address if it's either the IP address or their email, what if they don't have either one? Yeah, if they don't have either one it's going to be more manual for sure, what they'll probably end up needing to do is getting back to us with a general kind of transaction history to that effect I wish there was a better way I don't think that that our resources are still we want to make this as automated as possible Of course, yeah, so can you hear me? Can you guys hear me? Somebody's saying my mic is low again Can you guys hear me? Ed, can you hear me? Okay, good, so Jared do you have any questions? You're hanging in there, Jared Kenna is here from Trade Hill as well, he's on with us Talk to us, what are your thoughts and comments, questions do you have? I think it's a lot better in regards to our security And actually it'd probably be a lot more interesting conversation to have him talk with Adam than me anyways, so I'm going to have him call in right now if that works Okay, sure, are you going to call in? And then they wanted to know were the passwords salted before they were hashed? Okay, Adam, question were the passwords salted before they were hashed? 
We updated on the website, the passwords were salted before they were hashed and how Every active user has got a phone Okay, I'm sorry we got, who do we have now? Hello Hey Mike, how you doing? How are you guys doing? Good, good, we are What's your last name, Mike? Mike Drabowski Okay, from Trade Hill is on with us Do you have a camera over there? Okay, let's look at a little teeny-tiny thumbnail of you then We're on the air here with Adam Barr from Mt. Gox Jared, you're the programmer guy from Trade Hill, right? The technical guy? Okay, sounds good So what's your take on this? Did you have any questions specific for Adam at Mt. Gox or concerns? Answers? Obviously, I'm not aware of the specifics of their situation We're concerned about it We're concerned for ourselves It's not something that we like to see But I trust that they have it under control Okay, hold on Who is Mike? Oh, do you have What are you talking about? Do you have, sorry about that Do you have speakers on, what are you talking about? Do you have speakers You don't have a Ustream running, do you? Or do you have to put your speakers Move your speakers away from your mic There's something wrong with this one Are your speakers moved away from your mic? Can you repeat that last thing that you said? Can you guys hear me okay now? I was saying I don't have any specific questions for the Mt. Gox guys I think I'm concerned about what happened I'm concerned for us as well I think this is going to be an issue moving forward Security is obviously going to be a big issue moving forward But I trust that Adam and Mark have the situation under control and look at it solved Okay They wanted to know Was the salt compromised along with the database for Mt. Gox You have to speak up really loud It's over here Apparently it's not working You want to speak into this mic then They want to know for Mt. 
Gox if the salt was compromised along with the database some users are speculating that indeed was compromised as well That's a question for Mt. Gox Who's that question for? For Mt. Gox Along with the database being compromised was the salt compromised as well I don't believe so Let me just double check Okay If they plan on getting any certificates or considering issuing certificates to the user and then have the user authenticate using certificates So yeah Mark is just saying they can't use rainbow tables The salting can be broken eventually but we hope to have everything up and running and everyone migrated over to the new SHA 512 SHA 512 Is that a lot more secure? Yeah Definitely more secure more secure is if the same kind of situation were to happen again it would be difficult for anyone to Mark was also saying that once we do move over to we're going to be asking people to update their passwords to strong passwords which we think is a bigger issue Okay They just want me to for basically as long as the chat has been around people have been screaming bcrypt so I wonder if bcrypt was on the table as far as security was Did you hear that? Okay they're talking in the chat room about bcrypt and whether that's on the table bcrypt You're afraid that SSH 512 is not secure enough isn't that great A lot of security experts say that bcrypt isn't that great he's saying okay I'm sorry Sorry? Mark was just saying that we're going to use the SHA 512 with a thousand iterations so he and so we'll be enough Michael what is your take on that Michael You're asking me that I'm asking you about Trade Hill as far as salt algorithms for password protection on Trade Hill Yeah so right now we're using SHA 1 which we obviously need to re-evaluate their hashing is obviously salted so at least we feel good about that component we can consider SHA 256 or something else it sounds like the Mt. Gox guys are aware of that as well now I'm sorry what was that last thing again? 
Sounds like Mark and Adam are aware of the limitations of SHA 1 and are considering SHA 256 now more better Alright and there were people asking about this is again for Mt. Gox I guess about open orders what's going to happen as far as open orders on Mt. Gox when you bring it back up again Like unfilled orders? Yeah I guess the order book is what they're referring to Okay well I know like again we put on the website here orders 470 will be reverted so let me just check if that's up to when we shut it down or where that number is everyone's saying cancel them cancel them Yeah go ahead you're breaking up Say it again? Yeah so sorry the numbers I just talked about were the actual trades that went through and the open orders will be flushed Yeah be flushed okay that's what I've been saying and like when you bring it back up I mean this is just a naive question because I don't know but when you bring it back up and there are no orders do you have to seed it with some orders at first like wild prices that go through and people feel cheated I know that like when you start a new exchange I think that you guys did this on Trade Hill when you start a brand new market a brand new exchange you have to bracket those asks and bids so that there's no wild bids that actually go through when someone's bidding a penny or something Yeah well obviously when you open up an exchange and there's nothing going on there you want a few market makers there to who feel comfortable losing or gaining money and they would put out bids that they feel are appropriate and so ideally you have some market makers there at the beginning to kind of bring some sanity to the situation Right and you hear that and are you gonna bring I mean are you going to do that when you bring it back up again Yeah I couldn't sorry I couldn't hear the other comment Market makers when you first start if there are no orders are you going to somehow have market makers as they call it there to bracket the asks and the bids 
so that there's no wildly out of range asks or bids that actually go through Yeah good question Two seconds Are you gonna put any markets in the bids? Chatroom what other questions do you have that we're getting to ask The security person now what kind of certifications do they hold Is it CISSP So yeah that's right to jump back at that last question we are looking at doing that we don't have any details on how exactly how but yeah Mark is setting that up Okay there are questions about the security person now whoever that may be assuming there are any security personnel I mean that may fall on you and Mark but the security personnel what sort of certifications do they have if any and what was the other thing like if they're certified and do they have any money that could deal with LGBT issues LGBT issues there's being gay bisexual transgender issues it's just a week before gay pride maybe there's relevancy there but yeah so do you have security personnel and are they certified in anything oh and someone wants to know will they be flogged will they be flogged that's the LGBT issue oh no you're out extradite them to Turkey they're saying at least drought slapped so yeah Mark was our main guy security up until now obviously now with we've been kind of just resource tied the last little while we talked about getting some people in now that we've got this kind of break get everything back like we're looking for people you know anyone and also we've got a new Mark's been working on for since April that now implement in full that'll add to all from what I'm told so you're looking for people are you hiring people only in Tokyo or can they be located elsewhere good question security anywhere is fine obviously preferably Tokyo we've got we've got this kind of having people offsite aka auditors or security people we'd love to have people in house if possible another question coming if things could have been done differently what could have been done differently in 
hindsight what are the regrets what could have been done differently okay I will ask he's just laughing yeah I'm sure hindsight is 20-20 yeah we regret being resource tied and not being able to finish the back end the security side we're not I'm not sure that it was such a big fault on our end by association but compromise so that was a big concern of ours was making sure that that wasn't the case yeah mostly just not hiring actually we've got an interview waiting for us right now so I'm not sure how long are we going to be well how many minutes are we at okay yeah so we can pretty much wrap it up one thing that I have seen frequently in the forums is a question of communication and I think that security is definitely number one but I would say pretty close to number two would be communication are there any plans to have a community liaison someone who's going to be a spokesperson from Mt. Gox to really communicate what's going on and why when decisions are made or changes or things like that because it's really really is bad for customers to not hear a response for a week I mean that's the comments I've read in the forum and yeah first first kind of big one is security second one is definitely communication which we're not going to lie that job of and it's not that we haven't known that we've been doing a bad job of it just that we haven't had the resources like Mark and myself have been working all of that we've got a Zendesk where we can post announcements we would like to get that migrated to the front page you know of Mt. Gox so we can at least post updates so going forward I'll probably be the liaison and as we get more people I'll be able to spend more time doing that so you're Adam Barr and are you Adam at mtgox.com is that how people can reach you okay so just ADAM at mtgox.com oh yeah you're going to make your life happy you're going to get lots of email but I think it's important though to be able to respond quickly and answer questions even if it's a 
one-liner back and forth it really instills faith and confidence in what you're doing so that's important so yeah I've got another interview waiting we can let you go we can always talk more now that we have your number and did you have any one more one more question to lock their bitcoin or mount or Dwolla address in their Mt. Gox account so they can't compromise it and change it right away and then send or cash out to the user you follow no I don't understand the question the question I'll repeat it is would Mt. Gox consider allowing the users to lock like link to lock a payout address to Dwolla yeah to Dwolla or your bitcoin my bitcoin or something yeah so if you're Mt. Gox and somebody compromises the account they immediately change the address oh I see what he's saying so this might be something to consider for future development and hear this Trade Hill over there too because what they're saying is that you could the idea would be to lock your account specifically to one bitcoin address or one Dwolla address so that funds couldn't be diverted to somewhere else although that could be a big drawback if you want to change your bitcoin address you know that's something you have to really think through right I mean if you want if I wanted to go to one bitcoin address today and another one tomorrow that's going to be pretty inconvenient and how long with the lock before that's something you have to really think through but it's an interesting idea yeah I think the main thing right now as far as the security around the withdrawals is getting a second password in place I agree a cell phone like they were talking about some sort of a cell phone to SMS verification code that you type back in send me a text message to my registered cell phone and I send an SMS code back or something like that everything's on the table right now you know as a community and I'm sure Trade Hill's listening hopefully they can learn from our mistakes oh one more thing that keeps coming up 
sorry guys in the chat room I so much to talk about a circuit breaker is there any way to implement some sort of a circuit breaker when you know I mean I don't know if you guys are watching the market literally 24 hours a day you know in Japan you're actually on the opposite of our calendar clock so like are you literally watching it 24 hours a day and is there a way to automate a circuit breaker so that if something goes way out of out of whack a certain percentage of you know the price drops drastically that it could just literally like freeze the system automatically is there a way to automate that yeah I mean right now it's been manual I think Mark kind of caught wind of this at 3 a.m. or a time as it was happening someone and let him know what was going on so future I guess it really depends if we can have people monitor it 24-7 I think the office that we're in now wouldn't allow us to have people in in the office to look at but I think that yeah there'd be interest in our side of doing something like that I can imagine I can't imagine why not people are asking the name of the auditor is that something that you guys can disclose who was the auditor not right now no we'll have to you know yeah everybody wants to know of course what and then here's an interesting one about like the privacy policy they say how can we trust if our information was given to an outside source without a consent yeah you know they at least want to be notified or you know wanted the option to not consent to that yeah so I don't know if you heard that question but it's a privacy policy question about you know whether you can not release people's confidential information like their identity their email address to any outside auditor any other agency without their consent yeah exactly yeah definitely like we need to work on in terms of use and we want to lay all that out for people and definitely you know that we're going to look at one thing maybe having a separate database for the 
users and emails and everything. So, yeah, definitely we'll look at that. But sorry, yeah, you've got to run, you've got another interview. So, well, we really appreciate your time, taking the time, especially in the middle of all this. So, but good luck. I know you've got a lot on your plate, but we'll talk again and we'll be in touch, and we're going to be very communicative with the community, and this is that Mt. Gox do well and bitcoin does well, Trade Hill does well. We need, we need more, better, stronger, more secure. It's in everybody's interest that bitcoins, you know, comes out ahead, winning in the end. So thank you so much, Adam. We really appreciate your time. Yeah, thanks for you guys and your patience with me. And give our best to Mark in his native tongue from all of us, and we'll be chatting again soon. Cheers. All right, thanks a lot of them. That's Adam Barr from Mt. Gox, and live from Tokyo. And how many minutes are we at? A 50? Okay, so we can wrap it up pretty soon here. But Michael, did you have any other comments or questions or thoughts about this whole situation and any of the things that Adam said? Yeah, I'll just throw a few ideas out there. First of all, I just want to introduce myself again. Mike, I'm the lead programmer at Trade Hill. I called in because I feel that perhaps Adam and Jared didn't do justice to some of the questions that were asked earlier. Right. So I'm happy to take another stab at some of those if any of the viewers want to re-ask them. As far as comments on the situation, I think people need to understand, certainly we, and very likely Mt. Gox as well, are resource constrained. You know, we all have a certain number of people, we all have a certain amount of money, and we all have a certain amount of time, and we need to try to spend that wisely. And it's a balance between security, between features, between customer service, between all of these things. And obviously on our side we're always reassessing where to allocate our resources. It's clear that security has become very
important now, probably more important than what we have realized, and so at least on our end we're going to be focusing on that a lot more, probably hiring a few more experts to come join us, probably experts with the proper certifications to assess our system for us. As Adam and Jared pointed out earlier, it's very important to us to be transparent, and so while giving out as much information as we can on the forums, most likely we're also going to try to balance that with not giving away enough to help people in some way get into our system. They wanted to know if Trade Hill is using SHA-1. Is Trade Hill using SHA-1? You just speak really, really loud. Many at the time is using SHA-1. They are a Trade Hill. Okay, I'll say a few more words. Jared and Adam earlier mentioned we're looking at some additional authentication mechanisms for when users sign in. We're certainly open to many ideas. One idea that we're currently starting on is users can opt in to a feature where, when they try to log in, we send them an email to the account that they registered with. It would be like a one-time-use key, and they would need that as well. So not just their password but this one-time-use key, and we could set that up to either be sent to a cell phone or to an email address. And that's in the works. I would say it's three days out, maybe a week out, but it's clear that it's important. I do want to emphasize, though, it would be an opt-in thing, to get up to the users to make the determination on that. Another question: have they considered issuing certificates for users so that they would need to authenticate in order to log in? I'm not exactly sure what sort of certificate you're referring to in this case. I don't really know either. Like, website certificate? I don't really understand that question. PGP certificate, OpenID, or as e-certificate could be used, two-way SSL. Okay, I don't know if you heard any of that. Did you? Yeah, I got that. Yeah, those are obviously more advanced methods of verifying identities, and we're
certainly open to that. Right now we don't have any plans for that sort of thing, but, you know, if there are things that give us a lot of benefit for relatively low cost, we would be happy to implement them. Right. I mean, that, and the average user has to be able to use it too, because if I can't use it, it's useless, you know. Absolutely. And it's kind of that balance that I was talking about before, right? We need to balance so many things. One is user convenience, the other is security. On our end, we need to balance how we spend our resources: is it for new features, is it for customer service, or security? Yeah, and they're saying that is a barrier for new users if they have to jump through all these technical boundaries. But, I mean, simple things. I love the idea of the cell phone SMS kind of thing, where you can just get a text message and type in a code, and that's just such a simple little thing that gives so much more security. It does, but, you know, as with all of these features, when you add this you need to consider the ramifications, and, you know, you may think you're adding some little security but you may be opening yourself up to something else. And so a lot of these things, you just can't kind of slap them into there. You need to really think about what the implications are. Okay. Does anybody in the Trade Hill programming team have any background that would sort of indicate that they have experience in writing secure platforms? Did you get that?
Does anybody in the Trade Hill programming... Does anybody in the Trade Hill programming team have any background that would indicate any... What's that? Special skills in creating a secure platform. Okay. Yeah, so none of the guys on our team are certified in any sort of formal sense. Many of them have backgrounds, and kind of definitely in computer security, and kind of the hacking, kind of gray areas almost, even. But we recognize that it's important for people that we have actually certified security, and so that's something that we're going to be looking into, to bring on board somebody with the proper certifications. Two more quick questions and then I think we're out of time. One: is Trade Hill hiring? Yeah, I want to talk about that, because that's actually really important. You know, we're not making very much money right now. The money and the time that we're putting in is our own, really. And, you know, there's a huge opportunity cost for those of us who are putting effort in. We could be doing other things with our time. That said, we're most definitely hiring and we're most definitely looking for help. The biggest areas that we could use help with are, one, security; two, scaling up to handle more users. So we're looking for database experts, Apache experts, MySQL experts, security experts, as I mentioned, and also Python coders. Our system is written entirely in Python. One more quick question. We've got, like, one minute left, and in 60 seconds: when will Trade Hill be up again and open for the users? That's a decision we need to take. We talked about it for a while, whether we wanted to halt our trading, and we figured it was best for users. We weren't pleased about it, because we don't like locking people out of their funds, because obviously people can't withdraw money right now. We would like to open again tonight, but we just need to balance that with making sure that all the users can spend time so that nobody does actually lose any money. Okay. All right. So, yeah, make sure it's secure, make sure the
passwords are safe before we open it up again. All right. Well, we're gonna... Thank you very much again, Michael, and we are out of time, but I'm sure we'll have many more conversations soon. Thank you so much for joining us and filling in on this important, historic, historic time. All right, thanks a lot, guys. We'll see you tomorrow. Thanks for joining us. Thanks to everybody in the chat room and the IRC as well. All right, thanks. See you tomorrow.