64 comments

[ 2.7 ms ] story [ 124 ms ] thread
Very charitable of you to assume that it's just a mistake. Not wrong necessarily, but very charitable.
If you want an airtight defense against libel, it's probably the right position to assume.
Good point. Plus the author is in the UK, which has much tougher libel laws.
If you were really worried about the legal aspects you probably wouldn't include the phrase "...and is using it to scam people" in your title.
The author is far more charitable in his characterization of the scammer than I would be. No one "accidentally" copies someone's website, and no one "accidentally" scams someone. And a person who does that is not a good person.
anonymousbtcsms here.

This is not a scam website. As I stated in my previous comment, we are having issues with our integrations with Coinbase. Because I have been out of the USA, they refuse to service my support tickets.

I am in the process of moving over to Bitpay, but I have not had the bandwidth recently to tackle that project so I have manually been entering in payments as I see them. As a result, the payments wont be registered for multiple hours.

Any customers that have not been happy with the service have been refunded upon request. I wish OP had contacted me directly about the payments not registering.

Glad to hear it's not a scam, but why did you steal basically the entire site content and concept from another website? How does that square with your 'law' #18. Don’t ever take credit for others' work. ?
I did contact you. I sent you 3 emails and you're yet to reply to any.

I'm glad you're not ripping off your customers, though.

It's just a shame so much of your site is copied from mine.

You copied someone else's site. That doesn't happen by accident.
Ah, this text from the scammer's site is still hilarious:

> 8. There is nothing more critical to true success than openness, honesty and integrity.

> 18. Don’t ever take credit for others' work.

Yeah, I'm sure stealing other people's work makes you an honest person.

(comment deleted)
ironically, both websites serve predominantly scammers who need SMS to verify with various websites to commit fraud.
I can see how scammers would abuse such a service but u should not be so quick to assume that that is his major customer base. There have been numerous occasions where I was required to do SMS verification for legit accounts, and I didn't want to expose my phone number.
This happens often enough for you to need a programmatic solution?
Is there any other type of solution?

If some service demands my mobile number, that is a clear signal that I should not give them my actual mobile number.

Scammers don't need to use services like this to commit fraud. They'll just buy their own burner phones.
Unless they're in another country, or need to automate the process, or need multiple numbers, etc.
these scammers are usually located in 3rd world countries and they're pretending to be US/EU users.
Not everyone wants to provide six forms of identification and the finger prints of their first born to register for a website.
yes, but using bitcoin provides a layer of anonymity only fraudsters need. legit users who would just use twilio or another service that is tied to their identity.
Papers please. If you've got nothing to hide, you've got nothing to fear.
(comment deleted)
Considering they mostly offer known VOIP numbers from twilio and likes and smsprivacy.org charges an UTTERLY INSANE $50 per day for physical numbers https://smsprivacy.org/buy-number/physical/GB I can't imagine them being too popular.

Sites like https://smspva.com offer you real physical numbers associated with real physical sim cards for a couple of cents.

Russian and Ukraninan numbers from smspva.com would not be used for fraud. in fact, that would be a huge red flag.
Depends on the type of fraud. SMSPVA is mostly used to create email, social media accounts which are then used for various schemes.
Raising a DMCA notice to their hosting provider should be one of your first actions.
Agreed. If text and look & feel are the same.

I know the poster mentioned that text was rearranged but based on the google description snippet text both appear different enough.

We just had a clients website copied (a law firm no less). We filed a DMCA notice and the site was down within a day. It's a very powerful tool if your work has been copied, so long as the infringing site is in the US (our owned by a US hosting company).
It's a powerful tool if you are a law firm and your work is not very valuable, otherwise you will receive fake counter-notification from scammer and Google will ask you for court order.
reach out to him here: <redacted>
Let's not doxx people here.

How certain are you that it's the same person? How certain are you that the scammer isn't just picking a random scapegoat, and registering a domain in their name?

I agree about not doxxing, but the article points out that there is a link from this person's personal website to the "scam" site. So it's not just someone who's name was randomly used to register the domain.
Sure, unless their accounts were compromised, etc.

I know that the risk is low, and it likely is the person in the LinkedIn account, but regardless - that doesn't belong her on HN. We're not vigilantes; let the article's author and the legal system deal with it for now.

Shouldn't a rel="nofollow" be enough to not give any "link juice" to the webpage?

<a href="Link.html" rel="nofollow">Link</a>

I was not aware that one could that.
His site says "Anonymously send and receive SMS messages with bitcoin. Built during Hacker Paradise South America 2017"

Possibly just a hackathon project that was never meant to have full functionality

I have access to Hacker Paradise Slack group, let me try to reach him there.

Edit: contacted both him (though he was offline) and the group asking for more info

I'm friends with a founder of Hacker Paradise. I sent him a link to this post so hopefully he can look into it asap.
It seems like this was a project someone worked on during one of our trips in the past. While he's not scamming people, it does look like he copied the text from smsprivacy.org.

We don't have any connection to the project, but we've reached out asking him to change / delete the copied text. Hopefully this gets cleared up shortly.

Whois their IP and grab their Host/ISP. Contact their abuse address describing the IP theft. ISPs need to have well defined processes to deal with these complaints or they risk damaging their upstream relationships.
It doesn't work for real valuable IP because we don't have Internet court and even in obvious cases only real court can tell who is 'IP theft'. So creators have to spend a lot of time/money to prove obvious things while the scammer can change providers easily to DMCA resistant one.
kevin at anonymousbtcsms.com:

This is not a scam website. I am using Coinbase to process transactions and their platform has had a host of technical difficulties for non-usa based customers. I have been manually updating payments for the last several weeks, such that there maybe a few hours delay between when transactions have been confirmed and when they are tracked on the website.

I noticed your payments several hours ago and I had already credited your account.

While my FAQ does say no refunds, I have always provided refunds when asked. You did not contact me about the payments not being correctly stored.

-Kevin

Hi Kevin,

Thanks for the update, I'm glad to hear your site is legit!

I can confirm the payment is now credited in my account, although it wasn't at the time I wrote the post.

Can you please remove the text you copied from my site?

EDIT: I've added an update at the top of the article.

Would love to hear a timeline as well, AFAIK in these kind of situations they are normally included. It's not as bad if someone doesn't reply in 24h as if someone doesn't reply in 1 month.
It was only about 3 hours, I just wrote up the post as soon as I was done with other work today.
"asking for the copied text to be removed, although I haven't received a reply and no longer expect to" => so you mean you lost all hope for an answer to your email within 3 hours? (;
Well after my payment didn't show up, I put 2 and 2 together and concluded (clearly incorrectly) that the site didn't actually work. :)
The timing of all of this is rather unfortunate, because I am currently on a boat on vacation with limited wifi. I have updated the copy of the website and will continue to make changes to it in the near future.
Well to be fair, it doesn't actually work. He did say he does it manually.
To be clear, you had a problem and didn't get a response from customer service within 3hrs so concluded the entire website was a scam?

To me that sounds even more reckless than anything that site did.

You still haven't addressed the fact you copied shit from his website verbatim, dude.

WebAssembly can't come soon enough.

If you're having to manually update transactions, that might be worth mentioning on your site.
You don't even need a working app or an original idea anymore to create an MVP. Just (literally) copy a competitor and do everything manually on the backend. When you make enough money you can pay someone to build it.
A few years ago, this happened to me as well. I filed a DMCA complaint with their hosting company and in a few days, the offending website was down.
You are lucky. In my case I received fake DMCA counter-notification from scammer and Google/FB asked me to go to court.
This post was published tomorrow?
Interesting. I have a side project exactly like this. I created it after I saw the need for this myself. I've never bothered to check the internet for competing services, but this kinda motivates me.
Here is Kevin's story: https://www.kcoleman.me/2017-05-2-case-study-start-a-saas.ht...

"For Anonymous BTC SMS, I found my inspiration from a uk based sms provider on Indie Hackers. I chose this idea, because I have made several SMS based apps and I knew I could test this idea out pretty quickly. The owner of that app also does a poor job of SEO and marketing online so I knew I could get in front of the right people."

I am concerned when considering developing a simple client-application to do it server side or client side. If it's javascript someone could just copy your source code. I don't use any libraries/frameworks right now so it would just be pure javascript/no dependency.

I am thinking of building something and if I did it client side I could avoid potential attacks if I'm not mistaken as no server-side storage/execution is involved. But that concern of literally right-click save page and reupload...

The tool is a put-something-in get something out sort of deal and can be done entirely client side with JS.

Also doesn't seem like it's anything "amazing" or "revolutionary" I just wonder if it's so easy to steal... ehhh cross that road when you get to it.

Just so I understand: You're just leveraging Twilio, and then upcharging the shit out of people for paying with BTC, correct?