When I looked at the plots in that report, I had the exact opposite impression.  The price at MtGOX increased by large discrete jumps every time "Markus" did his buys, but there did not seem to be an immediate echo of those jumps in China.  My reading is that "Markus" was merely doing arbitrage with China, buying cheap coins at MtGOX and seling them over there (presumably on BTC-China, which at the time had the largest volume).

Later, when "Markus" was replaced by the "Willy" robot, it became harder to tell who was leading.

Note that the bubble started two months after Huobi's opening and 4 months after OKCoin's.  The volume at Huobi grew steadily from ~130 BTC/day during September and October to ~30 kBTC/day in November, and the other Chinese exchanges had similar growth.   In November OKCoin had ~30 kBTC/day too, and BTC-China had ~50 kBTC/day, whereas MtGOX barely had dubled its volume to ~25 kBTC/day.

On Nov/18 and Nov/19 there were large spikes at those three Chinese exchanges; at Huobi and OKCoin the all-time high actually was on Nov/19.  The corresponding rises at MtGOX on those days were much smaller (the high was only 3/4 of the Nov/29 ATH).  To me, all these details (and common sense) are more consistent with China, rather than MtGOX, driving the November bubble.

Whether "Markus"/"Willy" was doing its thing with real dollars or with virtual "goxDollars", and whether its owner eventually got the money out of China, are separate questions.

The claim that *I* find absurd is that a single trader at MtGOX could pump the price up from 100$ to 1200$ over a whole month, all over he world, including the huge Chinese market -- and that the the price would stay at pumped-up levels, six months after MtGOX's collapse.

The reason why people may retain different opinions on some issue, no matter how much they debate, is that there are some things that one learns over an entire lifetime, that cannot be easily translated into words.  Because of that sem-conscious and diffuse prior knowledge, two persons can reach categorical but radically different conclusions from the same data, and neither can explain to the other why his conclusions are "obvious" to him.

How to recognize a scammer is an example of such unexplainable prior, it seems.

Obviously anyone who engages that "profession" must be very skilled at convincing targeted victims that he is honest.  Therefore, one cannot tell whether someone is a scammer by paying attention to what he says. One must note what he does (and fails to do), and to what he doesn't say.

I can't hope to convince anyone of my "fuzzy algorithm" for recognizing scammers.  But the first basic principle may be logical enough: If someone has got your money, and does not deliver the goods he promised to, you should assume that he is a scammer, until clear proof to the contrary.  From that point on, you should ignore all his claims, explanations, and excuses, unless they are confirmed by clear evidence or other sources that he cannot have manipulated.  Add more points every time that he refuses to give details or proof of his claims, every time he makes a promise and instead delivers another excuse, every time he avoids dialogue with curtomers or reporters.  There is more, but you get the idea.

Moreover, if a businessman failed his part of a contract and owes you goods or money, you should not waste time learning why he did not do it.  His failure, by itself, entitles you to take legal action against him.  That is why the courts are for.    If he has to borrow money or sell his car to make good on the contract, that is his problem, not yours. "Legal action" may vary depending on the country, e.g. it may be proper to report him first to the Better Business Bureau, or seek a small-claims court.

There are several "tools" that scammers use, like the "be patient, I am working on it, but cannot tell you the details now",  "I am under great distress because of personal/familiar problems", "I have lost a great deal of money with this incident myself", "we will resolve this issue whithin two weeks at most",  etc.  If he owes you 1000$, when you have almost lost the hope of recovering that money, he may tell you that, with much effort and personal sacrifice, he is returning 200$ to you -- betting that you will think "that nice fella rescued 200$ for me" rather than "that scumbag stole 800$ from me".

A scammer cannot be shamed into returning all the money he took from all his victims, no matter how much they complain, in public or in private.  Him doing so would make as much sense as a fisherman dumping all his catch back into the sea for pity of the fish, a gold miner burying back the gold that dug out.  Bad press does not bother a scammer.  He has no reputation to lose: there will always be suckers who will give him money without even googling his name, or who will believe his stories of how he was framed, misunderstood, whatever.  If he has any friends, they must be all amoral scoundrels like him.

If he perceives that some customers are about to sue him, or denounce him for fraud, he may refund them -- but only them. 

Unfortunately, victims of a scammer rarely get all their money back.  Bankruptcy and civil lawsuits will probably find that the business doesn't have any assets left to liquidate.  It may be necessary to criminally prosecute the scammer, for fraud or fraudulent management, in order to seize his personal property.

In order to pursue the legal route, clients must be able to prove their claims; but the scammer may have been careful to withold or invalidate the proofs, e. g. by not using his real name in the transactions.  (In any commercial exchange, the part who delivers first has the right to know the true identity and address of the other part, and should never deliver without that information.) 

Bitcoin payments are especially problematic in that regard, because the "bitcoin bank" does not know its customers' identities.  A minimally competent lawyer could point to a transaction in the blockchain, and convince the court that bitcoins are valuable property and the blockchain (unlike email, screenshots, or PDF files) cannot be tampered with.  However, how could he prove that the sending addres "belonged" to the client at that time,, and the receiving address belonged to the scammer?

In the end, it often boils down to the client's word against the scammer's word. Then the client's chances will be much better if there are many unrelated plaintiffs with similar claims.

Well, I asked here, some weeks ago, whether the TA patterns are suposed to be symmetrical -- that is, if pattern XYZ on the logscale plot suggests that the price will go up (or down), then the same pattern but upside-down suggests that the price will go down (resp. up).   

The conclusion, if I recall correctly, is that it depends on whom you ask that question to. 

Isn't there an upside-down "cup and handle" from May/30 to Jun/26?

Sorry for having brought that off-topic discussion into this thread.  Let me only say that real life is not like the movies. 

Another suggestion is: let the user select a rectangle with click-draw, then set the horizontal and vertical plot ranges to zoom into that part of the plot, automatically selecting the most detailed time interval that will keep the selected time span within the window.

I always wanted tsomething like that on bitcoinwisdom, but to know the total trade volume in some interval.

The weighted average price (in log scale) in the interval may be interesting too:

  exp( SUM { k : vol(k)*log(price(k)) } / SUM { k : vol(k) } )

where vol(k) and price(k) are volume and price of tansaction number k, and the sums range over the transactions in the selected time interval.

Nice analogy? A Colt 45 may give you a false sense of security, but in real life it rarely helps; on the contrary, it is a great tool for criminals... 

Thanks!

Sorry, I did not understand.  You meant myTrezor the supporting app/website? What "proof"?

You mean Cointerra is the manufacturer of the Trezor electronics?

Interesting number!

I could not find the total number of KL users (to translate that into percentage of hosts that are infected),  do you have this number?

As I said twice before, keeping your keys in a Trezor surely must be safer than keeping them in your PC or smartphone (or in an unencrypted text file in your Dropbox folder).

And "what I tell you three times is true". 

Hey, it was just free advice. 

But: the point is that relatively few criminals can physically forge or modify a Trezor, whereas any teenager could buy a real Trezor and preload it with malicious unsigned firmware that he got from his hacker buddy.  So, even if the second variant has a low probability of success (owners who ignore the warning), it may be the bigger risk in absolute numbers.

Aren't they in the MARKETS menu?

Good for you, but the "net fishing" class of criminals will be quite happy if even if only 5 of 100 people who got their Trezors with malicious firmware click "yes" and then enter their PIN.   They will not target you; they will aim for your grandmother and your 13-year-old cousin.

The fake Trezor (or the malicious firmware, signed or unsigned)  can be programmed to select from a small set of private keys that were pre-generated by the thief, instead of random ones.  Therefore, the criminal does not need to steal the fake Trezor back.  He does not even have to know the victims or in which country they reside.  He has only to place the fake/reprogrammed Trezors in the market stream somehow, and then watch the blockchain until some of those precomputed addresses receive enough bitcoins.

Criminals can replace photos on passports and forge dollar bills.  Surely can re-seal a plastic case so that it looks pristine.

You are asking for free security advice from someone who is not a security expert? 

But, whatever:

I think that it would be a bit safer if the firmware was all in ROM, so it could not be changed except by physically tampering with the device.  That may limit the useful life of the hardware, but this may be a good thing.

The case could have some intricate pattern hot-printed onto it, so that it would be harder to imitate and to re-seal after being cut.

Making a totally fake Trezor requires milling/molding tools, custom electronics, display, etc..  Not worse than making an ATM skimmer, but not so trivial either.  On the other hand, anyone with a PC could buy a legitimate Trezor and load it with malicious firmware.

A middle ground could be replacing or piggy-backing some chip in a legitimate Trezor, so as to override the standard bootloader and/or suppress the signature checking.  That would require faking only the outer case, or cutting it open and then closing it with invisible seams.

Will this

do?

If satoshilabs can sign legitimate firmware, a hacker or an insider with the right access could sign a malicious version too, or trick someone in the lab to sign it for him.

That compromised Trezor would not be able to provide valid signatures for payment transactions, but (like any ATM skimmer) could emulate a legitimate one well enough and long enough to trick the user into entering his PIN and passphrase.  (The account data, including balances, can be captured in the PC and used to load the fake Trezor.)

If the malicious firmware is installed before the first use, and the owner clicks 'yes' at the warning, the Trezor can provide him with an account whose private key is not generated at random but is fixed and known to the thief.  Think from there...

This last risk would not be much different in principle than the risk of the thief swapping the device during delivery for a totally fake Trezor, with malicious bootloader.  The  'soft' version would depend on a dumb user clicking 'Yes' at the warning, but on the other hand would not require mechanical skills, just the ability to re-seal the package.

Once again, signing transactions with a Trezor certainly seems safer than signing them in your PC or smartphone.  But one should not think that the risk is zero.  I don t think that it is yet the time to give one to mom for her to keep all her savings in.

I am a newbie here, but wasn't there a time when bitcoins were believed to be impossible to steal?