Going offshore to escape the CFTC

Not always. AV/AM software are not built equally and new attacks and exploits are created and discovered all of the time. There are things that you can do to better-safeguard yourself, however. It is important that each person perform their own due diligence and employ effective safety measures. We live in a tech world and people need to be properly educated so that they can be better-protected.

I posted this link before, for generating strong usernames/passwords, but it contains a good overview of safe practices:

https://passwordsgenerator.net/

To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, and keep your online accounts safe, you should notice that:

  1. Do not use the same password, security question and answer for multiple important accounts.

  2. Use a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol.

  3. Do not use the names of your families, friends or pets in your passwords.

  4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.

  5. Do not use any dictionary word in your passwords. Examples of strong passwords: ePYHc~dS*)8$+V-’ , qzRtC{6rXN3N\RgL , zbfUMZPE6`FC%)sZ. Examples of weak passwords: qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword.

  6. Do not use two or more similar passwords which most of their characters are same, for example, ilovefreshflowersMac, ilovefreshflowersDropBox, since if one of these passwords is stolen, then it means that all of these passwords are stolen.

  7. Do not use something that can be cloned( but you can’t change ) as your passwords, such as your fingerprints.

  8. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) to store your passwords, since all passwords saved in Web browsers can be revealed easily.

  9. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.

  10. Do not send sensitive information online via unencrypted( e.g. HTTP or FTP ) connections, because messages in these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS, SFTP, FTPS, SMTPS, IPSec whenever possible.

  11. When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a private VPN( with MS-CHAP v2 or stronger protocols ) on your own server( home computer, dedicated server or VPS ) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer( or a remote server of your own ) with PuTTY and connect your programs( e.g. FireFox ) to PuTTY. Then even if somebody captures your data as it is transmitted between your device( e.g. laptop, iPhone, iPad ) and your server with a packet sniffer, they’ll won’t be able to steal your data and passwords from the encrypted streaming data.

  12. How secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company’s server, and the rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly.
    To check the strength of your passwords and know whether they’re inside the popular rainbow tables, you can convert your passwords to MD5 hashes on a MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service. For instance, your password is “0123456789A”, using the brute-force method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting its MD5 hash( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to a MD5 decryption website, how long will it take to crack it? You can perform the test yourself.

  13. It’s recommended to change your passwords every 10 weeks.

  14. It’s recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software.

  15. Encrypt and backup your passwords to different locations, then if you lost access to your computer or account, you can retrieve your passwords back quickly.

  16. Turn on 2-step authentication whenever possible.

  17. Do not store your critical passwords in the cloud.

  18. Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name carefully, it’s a good idea to check the popularity of a website with Alexa toolbar to ensure that it’s not a phishing site before entering your password.

  19. Protect your computer with firewall and antivirus software, block all incoming connections and all unnecessary outgoing connections with the firewall. Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.

  20. Keep the operating systems( e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux ) and Web browsers( e.g. FireFox, Chrome, IE, Microsoft Edge ) of your devices( e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet ) up-to-date by installing the latest security update.

  21. If there are important files on your computer, and it can be accessed by others, check if there are hardware keyloggers( e.g. wireless keyboard sniffer ), software keyloggers and hidden cameras when you feel it’s necessary.

  22. If there are WIFI routers in your home, then it’s possible to know the passwords you typed( in your neighbor’s house ) by detecting the gestures of your fingers and hands, since the WIFI signal they received will change when you move your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases, it would be more secure if this virtual keyboard( or soft keyboard ) changes layouts every time.

  23. Lock your computer and mobile phone when you leave them.

  24. Encrypt the entire hard drive with LUKS or similar tools before putting important files on it, and destroy the hard drive of your old devices physically if it’s necessary.

  25. Access important websites in private or incognito mode, or use one Web browser to access important websites, use another one to access other sites. Or access unimportant websites and install new software inside a virtual machine created with VMware, VirtualBox or Parallels.

  26. Use at least 3 different email addresses, use the first one to receive emails from important sites and Apps, such as Paypal and Amazon, use the second one to receive emails from unimportant sites and Apps, use the third one( from a different email provider, such as Outlook and GMail ) to receive your password-reset email when the first one( e.g. Yahoo Mail ) is hacked.

  27. Use at least 2 differnet phone numbers, do NOT tell others the phone number which you use to receive text messages of the verification codes.

  28. Do not click the link in an email or SMS message, do not reset your passwords by clicking them, except that you know these messages are not fake.

  29. Do not tell your passwords to anybody in the email.

  30. It’s possible that one of the software or App you downloaded or updated has been modified by hackers, you can avoid this problem by not installing this software or App at the first time, except that it’s published to fix security holes. You can use Web based apps instead, which are more secure and portable.

  31. Be careful when using online paste tools and screen capture tools, do not let them to upload your passwords to the cloud.

  32. If you’re a webmaster, do not store the users passwords, security questions and answers as plain text in the database, you should store the salted ( SHA1, SHA256 or SHA512 )hash values of of these strings instead. It’s recommended to generate a unique random salt string for each user. In addition, it’s a good idea to log the user’s device information( e.g. OS version, screen resolution, etc. ) and save the salted hash values of them, then when he/she try to login with the correct password but his/her device information does NOT match the previous saved one, let this user to verify his/her identity by entering another verification code sent via SMS or email.

  33. If you are a software developer, you should publish the update package signed with a private key using GnuPG, and verify the signature of it with the public key published previously.

  34. To keep your online business safe, you should register a domain name of your own, and set up an email account with this domain name, then you’ll not lose your email account and all your contacts, since your can host your mail server anywhere, your email account can’t be disabled by the email provider.

  35. If an online shopping site only allows to make payment with credit cards, then you should use a virtual credit card instead.

  36. Close your web browser when you leave your computer, otherwise the cookies can be intercepted with a small USB device easily, making it possible to bypass two-step verification and log into your account with stolen cookies on other computers.

  37. Distrust and remove bad SSL certificates from your Web browser, otherwise you will NOT be able to ensure the confidentiality and integrity of the HTTPS connections which use these certificates.

  38. Encrypt the entire system partition, otherwise please disable the pagefile and hibernation functions, since it’s possible to find your important documents in the pagefile.sys and hiberfil.sys files.

  39. To prevent brute force login attacks to your dedicated servers, VPS servers or cloud servers, you can install an intrusion detection and prevention software such as LFD( Login Failure Daemon ) or Fail2Ban.

2 Likes

Yes, but best to use at least 2 of the leading products, as no single
one covers everything. This is an area which requires constant
diligence and some research on which malware scanners are
best.

However, your top security situations should not be vulnerable
to the theft of primary credentials. A secondary authentication factor
should always be required, especially when money is involved.

[EDIT] previously I recommended for Windows users, KeyScrambler
so I’ll just repeat that here to help avoid Key Loggers being successful.
A review is here:

[WARNING] this is security software, so make sure you get it from the original
authors, and the site is here:
https://www.qfxsoftware.com/download.htm

hyperscalper

2 Likes

I’m using them atm. Better than BitMex no problems so far. They just moved to Switzerland apparently.

Roubini stated:

BitMEX insiders revealed to me that this exchange is also used daily for money laundering on a massive scale by terrorists and other criminals from Russia, Iran, and elsewhere; the exchange does nothing to stop this, as it profits from these transactions.

This really irks me. Bitmex does not even operate using fiat. Unless these so-called terrorists groups are laundering money as liquidity providers, there is no other way, to my knowledge, that they could even do so since the site does not even handle real currency. Also, if these so-called groups are laundering money as liquidity providers, they are still operating using cryptocurrency, so the money does not even need to be laundered! AND even IF this is still the case and there is something that I am overlooking, this has NOTHING to do with traders!

3 Likes

Thanks for asking this, interesting answers to something I was not sure about.

3 Likes

IF they are probing CFTC then it spells really bad news. I don’t need to tell the veterans of this forum how bad the CFTC is. They will do things and whatever they can stick to Bitmex becomes precedent and it WILL become backblow that affects any broker including FXchoice who operates with bitcoin. I have avoided bitmex, but as we well know KYC is bad news for us. Roubini’s motives and the CFTC motives are absolutely ocrrupt just like Dodd Frank was corrupt. It’s very clear Dodd Frank was an intentional offront to retail competition and capital flight, a pork barrell tactic to consolidate regulatory control in favor of privileged wallstreet firms. They have an even more personal vandetta against crypto than they do forex. You;'ve got Trump and Mnuchin coming right out and saying it.

As I’ve pointed out, there are no indications of the CFTC allowing Eris X, SeedCX , Baakt, or LedgerX to offer ANY leverage for bitcoin. And they are bannng altcoins. It’s extremely adverse for American trying to participate in the global opportunity.

1 Like

Sadly, the majority are clueless and will likely believe whatever lies are spewed as justification for going after BitMex and similar groups. Saying that BitMex is used by terrorists to launder money is such an absolute joke. It’s not even possible to launder money on BitMex since they only operate using crypto and crypto in of itself does not need to be laundered through trading. Anyone that knows anything about cryptocurrency knows how laughable this is. Complete nonsense.

This is little different than Americans sneaking into Canada for cannabis, where it is legal. Then, the US government trying to fine Canada and shut them down because Americans are hopping the border to obtain something that is perfectly legal. The Americans are not bringing the cannabis back to the US or selling it or anything, they are just enjoying the freedom that is not afforded to them in their home country. The Americans are not actually doing anything illegal, but since it is not allowed in the US, our government feels that they can strong-arm Canada by telling them what they can and cannot do, then telling everyone that Canada is funding terrorists through their Cannabis sales so that they will look justified for going after Canada.

This analogy is just an example, but as insane as this sounds, it is really little different than what is actually happening. What is actually happening is even worse because BitMex and other groups are actually trying to keep Americans from using their services and have even shut accounts down for suspicion of US residence. But this is not good enough for the likes of the CFTC, evidently.

Are you trading with fxbrew? I want to open a live account but I’m not seeing any post about withdrawals from anyone. Don’t want to loose any money.

heads up too. The G7 wants to backdoor the bitcoin network itself. They ultra nefarious intentions. Let’s just be blunt about it. They know bitcoin is unsiezable and uncensorable, so they want to essentially tantamount infect it, presumably take over and infilitrate the network with full nodes and a combination of smart contracts on backdoored software wallets so they can track and seize everything.

I’m not speaking lightly when I say that the DEX have to come asap. I’m not saying it lightly that forex and commodities will have to be tokenized onto the blockchain.

"Replace SWIFT with a global crypto payments network?
Citing an anonymous source, a Reuters report published on July 18 claimed that the country’s push for the network is motivated by a resolve to combat money laundering more effectively.

While plans are being kept firmly under wraps, the source alleged that Tokyo hopes to have the network established within the next few years.

Plans for the network were reportedly initially proposed by Japan’s Ministry of Finance and its national regulator, the Financial Services Agency (FSA).

The prospective network has been approved for oversight by the Financial Action Task Force — a G7-initiated intergovernmental organization that promotes legal, regulatory and operational measures that aim to fight money laundering on a global scale."

You can use “search” to find posts related to FXbrew on this forum.
There were a few posts mentioning sucessful withdrawals from FXbrew.

Trading Just got harder for oanda customers: i receive this email today

Dear James,

Beginning August 16, 2019, we will be changing our “first in first out” (FIFO) order handling. After this change is in effect, all orders of the same currency pair in the same sub-account must have a unique size if they have a take profit (TP), stop loss (SL) or trailing stop (TS). This will not impact orders that do not include a TP, SL or TS, unless another order of the same size is already open in the sub-account with a TP, SL or TS.

After August 16, 2019, if you attempt to enter a market order with a condition that violates our new FIFO policy, you will see error messages in our fxTrade Web, Mobile and Desktop platforms explaining the violation and instructing you to change the order size. In MT4, users will receive an MT4 message whenever an order is canceled due to OANDA’s FIFO policy.

For more information and to see some examples of what this change will mean to your trading, visit our FIFO information FAQ.

If you have any questions, please contact our client experience team anytime markets are open.

Kind regards,
The OANDA team

WTF is that about? Wow, what was the original rationale for FIFO
anyway ?? Why was it such a big issue to enforce? More of a rhetorical
question than one requiring an answer…

So is there still the option of “hedging” the same instrument by
using a separate account if that is what you want to do ??

[EDIT] I never “hedge” like that anyway. An opposite side order
of the same size is the same as closing that order. However,
I can see that an opposite side order for a significantly larger,
or smaller size, has the effect of “modulating” or perhaps even
reversing net position… I can see that. But I break up positions
into individual fills (all in the same trade direction) so I can modulate
position size by closing one of them, for example.

hyperscalper

1 Like

my oanda account is no longer funded all my funds are now offshore. i don’t understand what they doing and how that works out

EDIT: this statement baffle my mind

" After August 16, 2019, if you attempt to enter a market order with a condition that violates our new FIFO policy, you will see error messages in our fxTrade Web, Mobile and Desktop platforms explaining the violation and instructing you to change the order size. In MT4, users will receive an MT4 message whenever an order is canceled due to OANDA’s FIFO policy."

for me i adjust my order size base on my account balance now they wanna tell me what size lots i can use, WTF is going on

1 Like

My Turnkey Forex demo account stopped working today (froze up) and there is no live chat available either. Is anyone else having trouble with Turnkey today? Thanks.

I did try to send them a couple of messages but it will take awhile to hear back.

Using a Forex account right now; no problems.
[EDIT] not using Demo, though… sorry.

hyperscalper

“a Forex account” or a “Turnkey Forex account”?
I am having no probs with the Trader’s Way demo

any more info on cryptorocket if so can you tell me your experience

Good so far. I periodically hit them up with questions and I always get an answer back fairly quick. They claim 24/7 and so far that stands true. I like to contact them on the weekend. Deposit was fast and account setup was fast. Very low spreads and they offer a variety of products. Commissions is $6 though which is why I only use them as a backup. Coinexx is still main with their low commissions. If something happened to coinexx then CR would be my next go to. Withdrawals have been good too. No issues so far.

1 Like

are withdrawal same day like they claim, i like to use them for my income account to withdraw every week, this account will be like 10k and everything over that i withdraw every week putting my account back at 10k

I’ve withdrawn twice and it was same day

1 Like