Robert Graham 𝕏
Dec 15, 2022 · 52 tweets
1/ Okay, time to use a Visa gift card and a disposable e-mail address and explore the technical details behind this "Trump NFT". I'm posting this thread to Twitter even though I suspect most followers are on Mastodon (meaning, 280char limitation).
2/ As usual, they have a privacy policy that states "your privacy is important" and "we can and will violate it for any reason".
I'm using a separate email address to track in the future when they sell my private info. I expect to get Trump campaign ads to this address in 2024.
3/ Their main website has a FAQ.
This isn't campaign related (they rightly fear campaign finance laws).
It's possible they already paid Trump Org a lump sum, regardless of how many they sell. Trump's Organization makes most of its money simply licensing the Trump name.
4/ I have now bought one. A $100 gift card was rejected due to "insufficient funds", but a $300 gift card worked.
It's been over 10 minutes, and I still haven't received the NFT in the email.
5/ Here's a news story with some details on what's going on.
coindesk.com/web3/2022/12/1…
6/ The contract is public on the Polygon blockchain (a sidechain of Ethereum with dramatically lower transaction fees popular for NFTs).
As we can see, roughly 23 thousand (out of a total of 45,000) have been minted so far. An hour ago, it was 22 thousand.
polygonscan.com/address/0x24a1…
7/ One of the reasons I'm doing this thread is to answer this question. You can either use a wallet OR buy with credit card. But your NFT is only meaningful if you have a wallet, so what happens when people buy with credit card without a wallet???????
8/ After about 20 minutes it finally arrived in my email inbox.
Before I bought the NFT it had me create an account with a company called "web3auth", which in turn created a web-accessible wallet with "tor.us".
In other words, it created a wallet for me.
9/ You all can view my NFT. It's on the Polygon blockchain. OpenSea is the most popular way of viewing/trading such things, but since NFTs are a standard contract on a blockchain, anything can be used to view/trade them.
opensea.io/assets/matic/0…
10/ So what did I get for my $99? What I got were these three things:
1. Matic (aka. Polygon) blockchain
2. contract identified as 0x24A11e702CD90f034Ea44FaF1e180C0C654AC5d9
3. token #22884 in that contract

I now have control over token #22884.
opensea.io/assets/matic/0…
11/ It appears the token was minted and assigned to my wallet almost immediately -- it just took 20 minutes for the email to arrive informing me of that fact.
12/ Using a blockchain explorer for that contract address, I can enter the token #22884 and see what it points to. It points to this URL.
That's what an NFT points to. It doesn't even point to an image, it points to a URL.
If that URL disappears, then the NFT points to nothing.
13/ What's at this URL? The image? Nope -- it's metadata about the image.

cards.collecttrumpcards.com/data/22/22884.…
14/ That metadata finally points to a URL of the image.
But the website can change that image any time it likes.
One of the things cypherpunks like to do is mint NFTs where the website returns different images depending upon what you use to read the NFT.
cards.collecttrumpcards.com/cards/3b96f1cd…
15/ There are ways of creating fully decentralized NFTs, using the cryptographic hash of the image accessible via such things as IPFS or BitTorrent.
But most choose to centralize the NFT, defeating the entire point of using a blockchain.
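An added example, not part of the original thread: a check an owner can run to see how much of the chain in tweets 12-15 (token URL, then metadata, then image) the hosting website can change after purchase. The host name, metadata fields and image bytes are constructed samples, and treating only `ipfs://` links as content-addressed is an assumption of this sketch.

```python
import hashlib
import json
from urllib.parse import urlparse

# Assumption: only ipfs:// links are treated as content-addressed here.
CONTENT_ADDRESSED_SCHEMES = {"ipfs"}


def link_kind(uri):
    """Classify a link: its address either commits to the bytes or it doesn't."""
    scheme = urlparse(uri).scheme.lower()
    return "content-addressed" if scheme in CONTENT_ADDRESSED_SCHEMES else "mutable"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def snapshot(token_uri, metadata_bytes, image_bytes):
    """Record what the token resolved to at one point in time."""
    image_uri = json.loads(metadata_bytes)["image"]
    return {
        "token_uri": token_uri,
        "image_uri": image_uri,
        "links": {"metadata": link_kind(token_uri), "image": link_kind(image_uri)},
        "sha256": {"metadata": sha256_hex(metadata_bytes),
                   "image": sha256_hex(image_bytes)},
    }


def diff_snapshots(old, new):
    """List what changed behind the token between two fetches."""
    changes = []
    if old["image_uri"] != new["image_uri"]:
        changes.append("image_uri")
    for part in ("metadata", "image"):
        if old["sha256"][part] != new["sha256"][part]:
            changes.append(part)
    return changes


# Constructed sample data (placeholder host, made-up bytes).
TOKEN_URI = "https://nft.example.invalid/data/22884.json"
META = json.dumps({
    "name": "Sample card #22884",
    "image": "https://nft.example.invalid/cards/22884.png",
    "attributes": [{"trait_type": "hat", "value": "Red Golf"}],
}).encode()
IMAGE_AT_PURCHASE = b"\x89PNG constructed bytes: original artwork"
IMAGE_LATER = b"\x89PNG constructed bytes: swapped artwork"

if __name__ == "__main__":
    bought = snapshot(TOKEN_URI, META, IMAGE_AT_PURCHASE)
    later = snapshot(TOKEN_URI, META, IMAGE_LATER)
    print(bought["links"])                 # both links are plain https
    print(diff_snapshots(bought, later))   # the image changed, the token did not
```

The token on the blockchain is identical in both snapshots; only a hash recorded off-chain at purchase time reveals the swap, which is the gap a content-addressed link closes.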
16/ According to the FAQ on the CollectTrumpCards.com website, it's randomly assigned which image you'll get for your token. Some images have only 2 tokens that'll match them, some up to 20.
That implies at least 2,000 distinct images.
17/ But even then, the images are built from re-used components, like my token #22884 and token #22891. Swap the background, add a hat, and you have a "new" image.
18/ So the answer to this question: they are all different, but they are all the same.
19/ They are up to token #26443 so far. You can compare this to the tweet above from an hour ago to see that around 1000 have been minted in the last hour.
Note: they could be "minting" them but not actually selling them.
20/ If you are a hacker like me, this is the first sort of thing you'll think of -- just download all the NFTs and their metadata from the website:
21/ As you can see, the elements in mine are the most common, with the character="Blue Suit Finger Point", face="Smile", hat="Red Golf"
22/ Since the URLs exist regardless of what's on the blockchain, you should be able to download all the future ones, find the rarest, then time your purchase just right to snag a rare one. They've thought of that: the URL isn't active until the blockchain mints it:
23/ Even single-line scripts have bugs:
24/ I'm stupid. It seems that OpenSea already tracks these traits so I don't have to write a script to do it myself. It's right there in the URL if I just read the webpage instead of diving straight into code.
opensea.io/assets/matic/0…
25/ As this person politely points out (thanks for the compliment), this is indeed a common thing for NFTs. Though only for a certain class of NFTs, not as they imply, all NFTs.
26/ As Adam points out, yes, sometimes people get prosecuted for simply editing a URL to get to things that may not be intended, and writing small scripts like that, which simply increment the number.
The courts haven't yet figured out whether it's actually a crime.
27/ Intentional "unauthorized" access is a crime.
But if they put something on a website publicly accessible with no password, is it "unauthorized" for the public to access it?
Or maybe it's only authorized if average users can access it, but not if it requires techies w/ a script?
28/ Uh, I just now logged into that wallet they created for me -- and the NFT isn't there.
The NFT was assigned to the wallet: 0x04Ceb...f9786
The wallet they created for me is: 0x7b59...f58f8

So I don't actually have the NFT I supposedly own.
29/ This could only happen paying with a credit card, something failed in the backend creating the virtual wallet. Had I used a real crypto wallet, this probably wouldn't have occurred.
They do have support, so I entered something. But they have no trouble ticketing system.
30/ Ok, solved (thanks @mvaneerde).
1. go to app.openlogin.com
2. "View Authorized Apps"
3. Click on that tiny blue download button in the bottom right
4. this downloads the PRIVATE ethereum key
31/ Next, using any wallet, import the key. I'm just going to use the online wallet they gave me. Click on the settings thingy in the upper right and "Import Account", and paste that private ethereum key.

Then you'll see it's found your "Collectibles" on the blockchain:
32/ This Torus Wallet doesn't allow me to do anything with it other than transfer. But the NFT is on the blockchain. I could in theory import the Ethereum private key into any wallet. In practice, they don't make it easy.
33/ So what if you want to sell it? The easiest way is probably just using opensea.io. Go to the website and hook it up with your tor.us wallet above. Just go to OpenSea, even without creating an account, go to "profile" and connect to Torus.
34/ After going through the authentication, you can now click on your NFT and sell it. There are already offers for it. I can just accept this offer and it's sold, getting Ethereum deposited into my account.
35/ I think these offers are purely within OpenSea (not on the blockchain). Let's accept one and see what happens.
36/ The problem is that OpenSea needs some funds (a tiny amount) to complete the transactions. Every transaction on the blockchain costs coins. So it needs a small amount to start the transaction.
So I have to add like $5 to my wallet.
37/ I'm struggling through the various providers. They don't seem to want to accept my anonymous debit cards.
38/ I backed out and tried the transaction again from scratch. (It's not logical it should cost ETHER). I keep bouncing between OpenSea and the Torus wallet telling them it's confirmed/authorized, with both of them popping up errors that I ignore.
39/ I've got all these windows open trying to get this thing authorized. I'm not sure exactly what was going on between Torus and OpenSea. I'm sure it means something can get hacked in there.
40/ I could complete the transaction because somehow Torus dropped $5 worth of the MATIC (meaning Polygon sidechain) token into my account. I have to figure out where that came from and why. I couldn't actually buy any with my debit cards.
41/ But anyway, a person named "lululemons" is now the proud owner of the NFT I bought.
42/ Anyone can see the transaction on the Polygon sidechain:
43/ Using some tool to explore the blockchain, you'll see this data. You can see the small transactions for the various contracts involved, plus the $42 worth of Ether transferred to me.
polygonscan.com/tx/0xb9b3398f0…
44/ And a separate part of the transaction is the NFT going the other way to the buyer, at the bottom of this screenshot.
45/ The various transaction fees involve paying contracts. Using my private key (using Torus), I've told my NFT to allow a specific OpenSea contract to trade the token. That contract in turn works with the buyer's tokens, because the buyer authorized.
46/ That OpenSea contract then does the swap on the blockchain. Note that it's the OpenSea contract that does the exchange, completely decentralized. It's a contract that OpenSea posted to the blockchain some time in the past.
47/ Anybody can use that same OpenSea contract to swap NFT tokens for Ether tokens. Even if OpenSea disappears, we can still use that contract, because it's still on the blockchain. However, I suspect part of the rules in the OpenSea contract is to send them a fee.
48/ Annoyingly, the Torus wallet shows my account balance hasn't changed. But, using a blockchain explorer, I do see that I've got the $36 of Ether at my blockchain address.
49/ I apologize for being confused: I know the theory, but don't have much experience with practice, because NFTs are scams so I've avoided the whole thing :-).
50/ But the key thing from this thread is that I've successfully bought AND sold a Trump NFT. It's not simply watching the process of getting an NFT, but also the process of getting rid of it. It's cost me about $70 :-)
So here's a great thread on where some of the artwork came from.
52/ Blame these people for this thread, btw. They make me do bad things.
