BobRTC is a failing cesspool of paranoia

Based on both private and public conversations I feel that it’s safe to say that BobRTC is not in a good spot. The paranoia over alts/trolls/etc and how to contain them is consuming most of the developer’s time. What free time they do have is used to lash out against people who they feel have wronged them, such as calling popular scambaiters retarded. BobRTC has now gone to next level toxicity, threatening to ban/remove tokens of anyone who disrespects their admin. This is a double standard as their staff runs amock being disrespectful to the community, I personally was harassed and manipulated by NeeP for several hours on Thanksgiving while he tried to get me to dump ALL my Bobross data under the guise of sending it to a researcher, when in fact he was also trying to also get the data for BobRTC. Going sofar as to say “You don’t do anything for the community”.

BobRTC is failing and will horribly fail unless actions are taken. Here are my suggestions.
1) Hold staff accountable, they should not be allowed to treat people like shit, lie, or manipulate others. Keeping toxic staff only destroys yourself.
2) Stop it with the paranoia over alts/etc. This is only because BobRTC security measures and verification are lacking. You're spending so much time and efforts developing ways to track 'alts' instead of just locking down systems to make sure they're safe. You're punishing random people over your own security and personal flaws. BobRTC went from publicly saying they don't log IPs, to now logging IPs, blocking VPNs, and requiring additional information/verification via Discord. If the systems were locked down securely, you wouldn't need this crazy level of security. And if you can't even keep your own platform secure from trolls, why should anyone trust you with any of their own data?
3) Don't fuck over your users for poking shit. For reference, see this thread: http://scammer.info/d/29252-bob-rtc-mods-have-lost-their-mind/ Offer a bug bounty of reasonable XP/whatever for anyone who finds a security flaw. Let your users be a powerful tool to make the platform more secure. Blocking users for poking shit is basically admitting that things are insecure. If you have zero confidence in your ability to protect things, nobody else will.
4) Stop making it harder and harder to use, you're becoming your own enemy. Get people to actually verify numbers properly so people don't even need to register to make toll free calls. Registration would reward people with XP/whatever, but not be required.
5) Again, actually verify numbers and have a clear policy on what's acceptable and what's not. The huge amount of drama that you're experiencing is because you put people in positions that they shouldn't be, and they added numbers that you feel they shouldn't have added. If your site is secure, and numbers were verified you wouldn't need to spend so much time worrying about the damage that trolls can do.
6) Stop lying your bullshit lying.
[img]https://i.imgur.com/O8ku9zx.png[/img]

BobRTC does log IP addresses, just not how people expect. NeeP knows this, and is choosing to lie to the public.

[img]https://i.imgur.com/fEjrrd8.png[/img]

In addition, BobRTC fingerprints every user's browser and will ban people for using a VPN that changes browser fingerprints. This fingerprinter is included on every page, checkout: view-source:https://bobrtc.live/js/client.min.js and then review https://clientjs.org/

So not only is your IP address being stored, they store your browser fingerprint, AND now the extra security data. I cannot condone this ongoing deception. If scammer.info were not so ingrained with bobrtc, bobrtc would have been kicked from scammer.info. The original goal for BobRTC was in earnest good, but it has become something terrible and is sadly going to continue the downward spiral.

1) We put in fingerprinting to trace Ed Gein’s alts. Ed is a nazi racist troll in Israel who has been attacking BobRTC since launch.

2) Because of Ed's latest rash of spamming (before it was DDoSing), we selectively turn on/off VPN bans on the BobRTC IRC server so we can trace down Ed's IP address and ban him selectively in CloudFlare. Ed then DHCP renews his lease to grab a new IP then repeats his cycle. Because he never stops, which is why

3) We have now activated 2FA to slow down the rate of alt creation coming from Ed.

I'm assuming "scambait99" is a sockpuppet account you just recently created because nobody else has made this an issue this morning except you.

And I noticed how you selectively decided not to block out NoSauce or Lynx's IP addresses from the IRCD screenshot, which are two individuals that you don't care much for.

We can see IP addresses of those who connect to the BobRTC IRC server and when there is spamming occurring, we can see where it is coming from and if need be we can block VPNs on the IRC server. We continue to allow access to BobRTC's voice service from VPN while you won't be able to use the chat server when we have VPN bans activated.

If this is upsetting to you, may I suggest you go get a fucking life and leave us the hell alone.

@bobHasAvirus#121417 make your own call service platform

@kenzo#121430 Great retort Kenzo! I especially loudly applaud the last sentence.

>

I’m assuming “scambait99” is a sockpuppet account you just recently created because nobody else has made this an issue this morning except you.

Nope, and unlike NeeP I don't really go around habitually lying.

>

And I noticed how you selectively decided not to block out NoSauce or Lynx’s IP addresses from the IRCD screenshot, which are two individuals that you don’t care much for.

Actually, it was to point out more hypocrisy on your part. Good job taking the bait. Previously I objected to you sharing IP addresses and was told it was no big deal because they were using VPNs, so you sharing that information on discord wasn't doxing. Now that I share it, I'm doxing. Cool hypocrisy bro.

[img]https://i.imgur.com/xdlsCUt.png[/img]

>

We can see IP addresses of those who connect to the BobRTC IRC server and when there is spamming occurring, we can see where it is coming from and if need be we can block VPNs on the IRC server.

NeeP said IPs aren't logged, flat out denied it and insisted proof be shown. You guys keep on doing terrible shitty stuff, lie about it, then dance around semantics or move the goal post. NeeP lied, you guys are doing shitty things to your users but threaten bans/etc at the slightest disrespect.

>

If this is upsetting to you, may I suggest you go get a fucking life and leave us the hell alone.

I'm not the one that's really upset here.

Also, I want to point out the irony of me saying that the paranoia is killing BobRTC…Kenzo responds with paranoia accusing me of using an alt.

@bobHasAvirus#121434

The only reason you're going apeshit right now is because Deeveeaar has been banned and he is not coming back. He is never going to be coming back.

Further, we're not going to tolerate any more attacks from Ed Gein and if fingerprinting, IP bans and then using IRCD to trap him or anyone else trying to wipe the platform out, we're going to use those tools.

You keep saying "IP logging". We are not writing any IP addresses to disk. Further, everyone who is signed in to IRCD as an IRC Operator, which the dev team is and also several moderators can see IP addresses on connect. ***None of these are ever written to disk, therefore they are not logged.***

I don't see you crying about how scammer.info logs IP addresses of posters, which it **does** write to disk. Your IP is being logged right now by just typing on this website.

Let's be real here and honest: your goal is to purposely spread FUD because it probably horrifies you that part of your handle/your online identity is wrapped up in the "Bob" part of BobRTC back when we all used to be cordial and friendly to each other. You never wanted anything to do with this project and then you clearly stated that when you returned. Before you decided to start this FUD campaign you were lobbying me to bring Deeveeaar back and unban him.

That is not happening and that is never going to happen. Nobody on the BobRTC dev team wants anything to do with Deeveeaar ever again. We are not going to do anymore free work for him, we are not going to be giving him any more tools. YOU are friends with him and you have a dialer, so why don't you do free work for him and set him up.

Since this relationship has been poisoned by Deeveeaar's team and their blatant disregard, you're resorting to this.

I don't know what else to tell you Bob, but we don't really want to have anything more to do with you.

@bobHasAvirus#121417 So in response to this, I just want to point out that you are angry about us “IP logging” but yet you have posted me, NoSauce, and a few OTHER BobRTC users’ IP addresses ON YOUR POST. If you have ever used IRCd as an operator, you know that it prints connecting client’s IP addresses to anyone signed in as an operator. While this data is sometimes sent while we’re connected to IRC, it is NEVER logged. NEVER EVER EVER! The fingerprinting is absolutely happening. We went back to the drawing board and it was blocking VPNs or 2FA. We value our users’ privacy so we decided that using phone verification without us being given the user’s phone number was the best fit. When you complete our 2FA, you ONLY give your phone number to Discord. That information is never seen by any BobRTC staff EVER. Fingerprinting was implemented in order for us to protect ourselves and our carriers from open abuse tickets/legal problems. While a person may be identified on OUR SITE ONLY by their browser/device’s fingerprint, this will not lead anyone INCLUDING LAW ENFORCEMENT to their true identity like an IP. Once again, it was either this, or store IP addresses. We made the compromise between controlling people’s alternative accounts and maximum user privacy.

And since Bob is now resorting to posting IP addresses of scambaiters on scammer.info, I’m hoping that TLS staff can get here quickly and axe this thread.

>

You keep saying “IP logging”. We are not writing any IP addresses to disk. Further, everyone who is signed in to IRCD as an IRC Operator, which the dev team is and also several moderators can see IP addresses on connect. None of these are ever written to disk, therefore they are not logged.

Bingo. NeeP lied.

>

I don’t see you crying about how scammer.info logs IP addresses of posters, which it does write to disk. Your IP is being logged right now by just typing on this website.

scammer.info/thunder hasn't claimed to not log IP addresses. There's a difference there.

>

Let’s be real here and honest: your goal is to purposely spread FUD because it probably horrifies you that part of your handle/your online identity is wrapped up in the “Bob” part of BobRTC back when we all used to be cordial and friendly to each other. You never wanted anything to do with this project and then you clearly stated that when you returned.

That's an interesting theory. I'm horrified because of something I could have easily been a part of, but don't want to. Well, okay, that's one theory. But nowhere does that address any of my pretty reasonable concerns/suggestions.

>

Before you decided to start this FUD campaign you were lobbying me to bring Deeveeaar back and unban him.

You have yet to demonstrate what if any of what I've said is FUD. As for the 'lobbying' If you want I can post the chat logs to a much more public place. Most of the time I was telling you that your paranoia was going to destroy what you and others have created. I suppose some of what I said could have been interpreted as trying to just get you to chill the fuck down. Like I've said, you're in a bad place.

>

That is not happening and that is never going to happen. Nobody on the BobRTC dev team wants anything to do with Deeveeaar ever again. We are not going to do anymore free work for him, we are not going to be giving him any more tools. YOU are friends with him and you have a dialer, so why don’t you do free work for him and set him up.

I feel that you're projecting your own reasoning into my suggestions just so you don't have to deal with the logic of it all. That's not my goal, the paranoia is consuming you. You've created a whole damn strawman just so you don't have to think about how your paranoia is destroying the platform you've created.

>

Since this relationship has been poisoned by Deeveeaar’s team and their blatant disregard, you’re resorting to this.

Resorting to what? Saying you need to treat people nicer, hold your staff accountable, and not lie to the public? Only someone in a paranoid state of mind would be so offended by my feedback. I would suggest you chill, take a week off. Things are getting to you.

@kenzo#121440 If me sharing those IP addressing is doxing, then basically you’ve admitted to doxing people. It’s an interesting double standard.

@bobHasAvirus#121445

You doxing people then claiming I'm doxing is not doxing.

If you weren't such a retard and learned how IRC worked you'd realize that is an IRCD log (and if you looked at unrealircd and used it you'd figure out it doesn't log shit to disk on default config which is what we have), and that is what spat out after I ran /rehash to enable a VPN banlist. Everyone who was connected to IRC coming from a VPN account was K-lined off the server.

I posted the screenshot to the private Discord where the DEVELOPMENT TEAM sits to show them I had completed this task.

You then turn around and use this to make up a lie that we're logging shit to disk. The one who is really lying is you and your motivations for starting this FUD campaign. You're doing this shit because we canned Deeveeaar because you were lobbying for us to unban him then you started up this bullshit.

Just take the hint Bob and lose our number.

@bobHasAvirus#121445 Doxing is publicly posting someone’s information. When you posted mine and a few other’s IP addresses, you sourced that information from a private server with you, the BobRTC developers, and a few others. This is a PRIVATE server. Let me repeat myself: </s>Doxing is publicly posting someone's information.<e> Scammer.info is a PUBLIC website so I think that your posting of our IPs is closer to meeting the criteria of doxing than simply posting data in a private server to debug the VPN ban-list for IRC.

@kenzo#121449

If you weren’t such a retard and learned how IRC worked you’d realize that is an IRCD log, and that is what spat out after I ran /rehash to enable a VPN banlist. Everyone who was connected to IRC coming from a VPN account was K-lined off the server.

Here we go with the retard word again. You are destroying the work that you and others have created. Nobody's going to want to invest or deal serious business with you.

Your team likes to say IP addresses aren't logged. But now you're publicly confirming that people can view IP addresses at any time, and are viewable by multiple people working for you. I feel that at least it's deceptive wording/phrasing if not outright lying by omission, and most people probably would agree. To the average person it doesn't matter where/how the IPs are viewed, it's more that you have access to them. That's my point. Instead of listening to reason, you're yet again on some other DVR related conspiracy. Maybe I AM DVR. MAYBE ME, DVR, AND ED ARE GIVING EACH OTHER HAND JOBS AT THIS VERY MOMENT. Regardless of who's getting a handy or not, you shouldn't attack the advice just because you don't like the source.

@Terminal#121450 I have that information. Who else has it? I feel BobRTC is not being safe or secure with personal information.

@bobHasAvirus#121452 It’s called the idea that if you’re doing nothing wrong, you have nothing to hide. The same goes for BobRTC users. If you don’t post shit or get on IRC and post Nxxxx 10 times(happens on a daily basis), you have nothing to worry about when it comes to IP information being accessible while you are connected to IRC. Also, after a user has disconnected from IRC, their IP information is not accessible anymore. It’s necessary for the IRC server to store a client’s IP address in order for it to know where to send new messages that it receives from other users. After clients are disconnected, there are no logs. This includes the IRCd connection logs sent to people that are logged in as an operator.

In the end, if you're somehow convinced that IPs are being logged by the little to no evidence provided, you may always use a VPN or just get a browser extension(uBlock Origin, etc.) to block Kiwi IRC from connecting on your browser. Soon we might code an option in preferences for people to opt out of IRC including the alleged "IP logging" happening within it. Also, let me show you what is stored in the database for "my IP."

*Obviously* that's my home IP address. The port stored is literally a random number and everyone's IP address according to BobRTC's SQL database is 127.0.0.1. If you don't know what that means, it refers to "localhost" or an IP to mirror back to the device you are sending something out on.

@bobHasAvirus#121455 Other developers sometimes exchange information while trying to debug new features like the IRC VPN ban-list. That is how it goes when you have many developers making different software at all times, information has to be exchanged somehow.

I like how I make a post saying BobRTC is paranoid, toxic, dismissive, and being deceptive with personal information such as IPs and not being safe with them. I provide proof, and suggestions for how to improve interaction with the community. Instead I’m literally met with paranoia over alts, toxicity, dismissed entirely as it’s all some part of a plan to get DVR unbanned from BobRTC (lol?), and then the BobRTC people go crazy when pointed out their hypocrisy and carelessness over dealing with scambaiter’s personal information. Kenzo of course drops in an r-bomb for good measure, just to torch his community and setup the grounds for a lawsuit for anyone who’s worked with him suing him for discrimination. Overall, I rate this 10/10.

@bobHasAvirus#121468 If you really hate us that much, make your own calling platform. We’ve all put our blood, sweat, and tears into building BobRTC. Excuse us for standing up for our work and not standing by while you take a massive shit on it. Apparently it’s “illegal” for us to protect ourselves.

@Terminal#121469 Only someone super sensitive would see this as a shitting on. You guys took the original feedback and immediately went on hyper ballistic defensive. Is calling BobRTC a failing cesspit of paranoia harsh? ABSOLUTELY. But I’m immediately being met with accusations of alts/etc. My point is that your attempts at restricting trolls is hurting yourself. You have multiple people complaining about your ever-increasing security policies and the response is typically to tell people to fuck off. Then you start pulling the Pc Professor 101 shit on me? Lol. At least I fucking know not to trust client side javascript, a lesson BobRTC only had to learn until after Ed fucked you guys up.