I struggle with sleep. Among my most frustrating sleep-related problems is my inability to fall asleep once I start anticipating having to wake up. Once my alarm is set, I start thinking of the reducing amount of time I have to sleep. I find myself counting down the time to the point that it makes me anxious. I’ll start worrying about how tired I’ll be if I don’t fall asleep and it becomes a self-fulfilling prophecy. It’s so frustrating and I haven’t found a solid solution for it yet. Apparently I’m not alone. I’ve seen some posts refer to it as “alarm anxiety”. That said, aside from the usual sleep hygiene tips like hiding the alarm clock, breathing exercises, and meditation, there seems to be no magic solution – and that grinds my gears.
How the Problem Manifested Itself This Time
Just today I faced a particularly frustrating case of this. This week I had a string of family events for three days in a row. I haven’t been feeling so hot lately and really wanted to sleep last night to feel healthy for today’s event. I arranged for myself to be able to get 7h of sleep. It took me about an hour to fall asleep. Next thing I knew, my partner’s alarm clock was waking me up. Unfortunately, they took a while to silence it and by the time they did, I was fully awake. They had set their alarm for almost 2h earlier than I had set mine for.
Frustrated, I lied there trying to sleep in vain only for my alarm to sound 2h later while I was still lying there awake. During those 2h I tried breathing exercises, listening to a relaxing podcast, different positions, but nothing helped me get back to sleep. I couldn’t stop the nagging thought I was about to lose 2h sleep and it seemed to feel totally outside my control which frustrated me. Now, I’m writing out of frustration because I feel too tired to go about the rest of my day’s plans and I can’t shake the feeling that I lost a full day of my weekend.
It Happens Often Enough in Multiple Contexts
I get this in other contexts as well. On the weekends, for example, I tend to take advantage of being able to sleep in. By the time Monday rears its head, I find myself struggling to fall asleep just because I know I’ll be needing to wake up to be ready for work by a fixed time again. It’s a frustrating way to kick off the week.
Another example is when I take an overnight flight. I think it’s the combination of feeling pressure to sleep so I don’t get sick/exhausted, knowing there’s a limited amount of time, and just being physically uncomfortable that makes it nearly impossible for me to sleep on a plane.
Anyone Figure this Out?
I’m really frustrated today because of this. I had to fight the urge to make my partner feel guilty for having woken me up early. Surely nothing good can come from that. There’s a part of me that seems to want to play victim and seek their pity for some reason. In reality, I should really just want the much needed shut-eye.
I know that if I need to sleep before an event or something, there are tricks I could take to ensure a decent night’s sleep. For example, I can pop a sleeping pill, take a warm bath, meditate and stretch beforehand, and more. The problem is, something it feels too late to employ these strategies, e.g. when I woke up today within a 2h window of when I’d have to wake up, I could have meditated and stretched during that time, but it’s also hard to know whether I could have fallen asleep without doing such things which would have maximized my slumber time. There’s no guarantee these strategies would work either and they could just eat up precious sleep time. If anyone has recommendations to solve this problem, I’m all ears!
The crypto space is one I am extremely passionate about. Like the web, it moves at breakneck pace and given that it’s still in some early stages as an industry, many people find opportunities to prey on those that might not know how to protect themselves yet.
Here is a story of how I nearly fell victim to a crypto scammer over Telegram.
About 2 years ago, I took part in an airdrop for a token called DAG which was issued by the team at Constellation Network. They issued me 1,000 DAG tokens to my ETH wallet. At one point, they underwent a token swap and I had to send my tokens to a portal they dubbed “Orien”. I spent about $5 in ETH gas fees to execute the transfer and my tokens remained locked there. When the unlock period was over, I went to claim my swapped native DAG tokens, but the portal was broken and today it no longer exists. Constellation Network continues to exist and so does the token, but for whatever reason, they killed off that portal and a bunch of us lost our tokens. I thought I might be able to get them back, but I asked in their Telegram community and they confirmed pretty quickly that I should kiss my tokens goodbye. It sucks, but I got over it pretty quickly. I mean, they were only worth about $10.
In Come the Scammers
About an hour later, I get a private message from “CONSTELLATION OFFICIAL”. Their part went like this:
CONSTELLATION OFFICIAL, [04.10.20 04:11] CONSTELLATION COMMUNITY
Hello,
Administrative support on to you
DAG now has it’s own blockchain, the swap window of erc20 DAG to mainnet DAG tokens is now closed. The swap process was made available for a long period of time,we informed community,gave a deadline date and re-opened the swap window for a second time.
Why did you fail to undergo the swap process?
[I explain my situation to them in detail]
Speak with the technical director @ANATOLLY_DONTWORRY
Explain to him and follow the instructions he’ll be guiding you through.
So nice, here I thought my $10-worth of shitcoins was forever lost, but these kind support folk are willing to invest me in me to get back what’s rightfully mine! Let’s talk to Anatoly.
The conversation with “ANATOLY” was much longer and involved, so I’ll just give you the tl;dr. Basically, I describe to him what I had told “support” already and tell him that it had been escalated to him. He kept asking me for more about the account I had sent my airdropped tokens from, and each time I made sure to provide him with whatever info I can to help move things along.
Finally, he tells me that in order to recover the tokens I “will have to generate the account extended public keys of this wallet”. He went on:
To proceed with the extend public keys for the first, you have to go to the public keys page: www.publickeysindicator.com
ANATOLY the Scammer
He tells me to follow his instructions and was kind enough to send me this professional-looking guide of how to fill out the form:
He tells me:
Firstly change words to the number of phrases you have The second part of it, you are to input your mnemonic phrase of that of the first wallet Third part, change to eth After completing stage 1-3 your account extended public keys will be generated below Which you will be required to provide and send to the constellation email
ANATOLY the Scammer
I reply:
This tool will actually process my recovery phrase? That seems super risky, unless I’m missing something
Me, finally starting to wake up
He replies:
No it is only required to generate your extended public keys below which you are required to send to the constellation mail address after completing the process. You have nothing to worry about
ANATOLY the Scammer
I examine the website. I don’t want to link to it here since it’s obviously malicious, but the hostname is www.publickeysindicator.com. While I’m looking it over, he starts checking in to see if I’ve completed the form. I started to feel bad. I’m mean how lucky was I that their Technical Director was taking the time out of his busy day to recover my tokens and I’m holding him up! I tell him:
Sorry I was just trying to educate myself. I wasn’t aware of BIP39 and the concept of XPUB key. I just get sketched out whenever I need to provide a recovery phrase somewhere
He reassures me:
I have assured you, that you have nothing to worry about, it is just confirm your transaction and you are sending to our official mail. There is no way we will want to spoil our reputation. So you have nothing to worry about
ANATOLY the Scammer
I continue reading to make sure I know what I’m doing. I see this at the bottom of the page:
I check out the source code and at a glance it seems legit. I realize I can just run it locally. I download a local copy, disable my network card, try it with a fake seed, see that no network calls are attempted, try with my real seed, and alas it generated the value he wanted me to email them!
I go back online, and let him know I’ve compiled it from source and ran it offline just as a precaution. I told him this to justify why it took longer, and he replied: “Oh! I understand, not to worry it’s all fine”
The segment after this is lengthy, boring, and I’ll spare you the technical detail. In essence, he keeps telling he my account is invalid. I keep trying to communication that he only has my ETH public key and I hadn’t sent anyone my generated XPUB key and don’t understand what he is checking. This is when he tells me I need to run the tool “online”:
Are you doing the steps offline? Because it can’t give you same extended public keys as when you are online. You have to do it online. So it generate the accurate extended public keys
ANATOLY the Scammer
I entered a fake mnemonic phrase into the online tool and examine the network calls. Sure enough I see requests made to Google Firebase which include the Mnemonic phrase in the payload!
Now, I’m 99.9% certain it’s a scam. I look up his user details, and see this:
I don’t see much there that is problematic. So I check the support chat details:
Now, funny thing, I already denounced these people in the community channel and warned the room about them. Right before I grabbed the screencap above, the above user removed our chat history and changed their avatar. Before it was the Constellation Networks logo. Notice however, that their telegram username ends in “0124”. Sketchy. Why wouldn’t their real support not be able to get a more original username… I go back to the community chat and examine the pinned message:
Hmmmm… The guy I was talking to is actually listed as an admin. Odd… I click on his name to make sure it’s the same guy, and sure enough it took me to a fresh new chat with the real Anatoly! The one I was talking to had two “L” in Anatoly while the real one has one “L”. Easy difference to overlook when you’re just looking to quickly get back $10.
I provided a warning to the community and sent this to the scammer:
I hope that your life situation improves to the point where you won’t feel the need to waste your limited time on this planet trying to swindle others.
My victory speech
Now, I’m writing this because I have many years of experience in tech and still came pretty close to being duped. Crypto and blockchain can be difficult to navigate sometimes and the UXs for the user-facing functionalities can be rather raw and require some technical skill to use intelligently. When the guy started throwing technically details at me I wasn’t familiar with, I started to think I was just in over my head in this case and considered just “trusting the expert” to move on with my day. Boy, am I glad I didn’t. Unfortunately, I feel quite confident the average crypto investor would fall for something like this, so I feel the obligation to share my experience in case it might help others. That website didn’t turn up any results of Google when I looked it up, so hopefully my article will surface now and help protect others.
What Did We Learn?
On Telegram, look up the profile of the person you are speaking to and examine their username. Check with the communicate to make sure they are an official representative. Misspellings are easily overlooked
Don’t use any online tools that ask for your private key or mnemonic phrase unless it’s software provided from an official trusted source
If you need to run operations on sensitive data like this, try running an offline copy you run yourself first. Examine the network requests made and try with dummy data first
Remain vigilant! There’s a lot of money in crypto and that attracts a lot of bad actors. Many of them are smart. Keep your guard up. If you are feeling lazy and ever find yourself tempting to forego doing your due diligence, pause and come back to it when you have more time and energy
Stay safe out there!
Now let’s have a moment of silence for my 1,000 lost DAG.
Update 2020-10-04
An awesome member of the Constellation team reached out to me and thanked me for working to protect the community and send me the amount of tokens I lost plus interest! That was very much appreciated. I look forward to see what comes of this fairly unique project in the space.
In my last post about my experiences with TD just days ago, I was simply trying to be able to spend my own business’ money again. Fortunately, I managed to get that resolved. Their claim is that when you have a two-to-sign policy on an account you cannot have access to an EasyWeb account with the ability to spend anything, including your taxes. Small businesses take note! For all transactions both signatories need to be physically present at the bank. Somehow, they allowed us to work that way for years, but when they renewed our cards they decided to revoke our full online access without telling us. Neat! Ultimately, we had to solve it by both going to the bank and removing the two-to-sign policy altogether.
Now that I have access to my account again, I look at the transaction history and see two charges of $1.50 with the description: “CHQ-Image Fee” on the 1st of the month. I write to them via secure messaging and they respond with the following:
TD’s First Reply via Secure Messaging
Thank you for taking the time to review your TD Basic Business Plan account and noticing this fee. I can certainly understand how confusing unexpected fees can be, considering you have not used any cheques for the month of August. I happy to help provide clarification regarding the Cheque Image Return service and fees.
The Cheque Return Fee (CRF) for $2.00 monthly is one of our convenient record keeping options which forwards printed digital images of the front of all cheques you have written during the month with your monthly statement. This fee is charged monthly, regardless of cheques are issued from the accounts.
If you feel the service is not required, it will need to be cancelled by changing your record keeping options, this can be done online, over the phone or in branch.
If you would like to remove this service, I would recommend you change your record keeping options on your EasyWeb to online statements. Via EasyWeb within Profile & Settings -> Notifications & Alerts -> Delivery Preferences.
**Please make sure you select the online only option NOT the online option with cheque return.**
**Please note that until you change your record keeping options, you will still incur the cheque return fee.
Note that I bolded the most relevant part above for emphasis
Now, notice two thing. First, the fee name they provide isn’t even the one on my account. Second, the fee on my account was for the amount of $1.50, charged twice, but they are talking about a $2 fee. Regardless, I look into the menu options they described, and, sure enough it doesn’t even exist. Naturally, I write this to them as a response and this is what they came back with:
Secure Online Messaging: Take Two
I can confirm that when an account type is changed, the statement delivery preferences does change and default to the option that offers all the services in one. That said, we are able to request copy of the cheque that is not recognized, however, we mail a copy to your address which may between 7 to 10 business days. This services offers instant access to all cheques written throughout the month.
I tell them I have no use for this service so I would like to stop paying the fees. Because the menu options they told me to use don’t exist, I asked them to cancel it. Here’s what they responded with:
Third Times A Charm? (Spoiler: Nope)
It appears that you are looking to change your statement delivery preferences for your small business chequing account. I believe there is some miscommunication, and I do apologize. To change your statement delivery preference off “Cheque Return” and not get charged $2.00. You’ll need to call TD Small Business, as the change is not available through EasyWeb.
Seriously? So, wanting to just get this silly item off my to-do list, I give them a call. What do they tell me? It’s not a monthly fee at all! Rather, they charge this fee whenever someone views a cheque. They explained that with our previous account type, they were waiving the fee. They told me very clearly before switching my account that the only difference is the number of transactions we could make. Argh!!
Told To Call Them, Once Again
Anyhow, I tell the support agent that I’m the only person actively using our account today and haven’t viewed any cheques because I write them all myself anyway and have no reason to go look at the cheques I wrote. As you can see in the written communication above, the agent actually said: “I can certainly understand how confusing unexpected fees can be, considering you have not used any cheques for the month of August”. The agent told me one of us must have looked at the cheques. I assured him we did not and asked when we accessed it. He asked me to hold. He came back and said he did not know and to let them know if we see the charges again. I reiterated that we never viewed the cheques, but he said there was nothing else he could do.
So, ultimately, what are we paying for? Who knows. We sure don’t and apparently neither does TD.
TL;DR
Here is a summary of all the things that went wrong:
We wanted to save on fees. TD told us we could downgrade to a basic account and the only difference is the number of free transactions. Once downgraded, we started getting random cheque-viewing fees. These fees cost more than half the new monthly account fee!
They misread what the charges are. Both the amounts they charged and the description
They led me to a menu to change an option that doesn’t exist
Once again, the online support agent tells me they are powerless to help me and I need to call them
Just like last time, the agent on the phone gave me very different information than the online agents
Phone agent claims we access cheques that we didn’t. The online agent even wrote that we didn’t even use any! The phone agent couldn’t find any evidence that we accessed it, but kept the charges anyway
Generally, I tend to be rather patient and understanding. Especially during the current pandemic, I appreciate any business that remains open to serve customers. Doing banking for my business with TD bank has made my life difficult enough times now that I feel the need to say something about it.
How it started
My online business has been losing steam lately. Looking to minimize expenses, I noticed that we were paying $19 per month for our TD business account. We really only use it to collect payments from customers, pay suppliers, and pay taxes. I suspected there must be a way to lower those high monthly fees since our account activity has been minimal. So, I reached out to TD and inquired about ways to save on fees.
First, I tried to resolved it online, but was told I’d need to call them. I ended up having multiple calls speaking with different people.
Finally, they told me to present myself at my branch in person with my co-founder. They said that the branch could downgrade our account to a $5/month plan without losing anything. Preferring to avoid going in person and dragging my co-founder along, I called back. I got another person and reiterated my preference not to go in person to avoid spreading the virus. They insisted that myself and my co-founder go in person due to our 2-to-sign policy. Fortunately, the agent offered me a tip. He explained that the employees working at the branch have more powers than the general phone support staff. So, I called the branch and alas I managed to downgrade my account over the phone. Awesome, right?
I received a new client card in the mail. It specified that I would need to make a transaction using my PIN to activate the client card. Receiving the card reminded me I needed to schedule a payment. However, when adding a payee (the government), the website told me I no longer had the required access! What?!
My radical dream: To be able to do what I’ve always done again
Once again, I called their customer support line. It turned out that when they downgraded my account they reset my account privileges. Consequently, I lost the ability to use my EasyWeb account to make payments! They gave me precise instructions that I confirmed. I would need to present myself at any TD with 2 pieces of ID. They told me to request “full access with point of sale”. Okay… A quick Google search showed me that there’s a single TD open on Saturdays in Montreal. Perfect! I hopped on my bike and rushed over to Westmount to get it done!
I explained my situation in person to the teller. First she replied that I should have access. Obviously, I replied that I don’t; otherwise I wouldn’t have made the journey over to see her. She said she needed to escalate it to her manager. She returned from his office and confirmed that there’s nothing she can do. Because we have a 2-to-sign policy, my co-founder and I would have to go to our branch, specifically. I protested that I’d been using the account for years. I’ve been the only active person in my business for years. She retorted that whoever gave me that permission initially must have made a mistake. She asked me to step aside so she could help someone else. Her manager came to see me and repeated the same thing.
The reason why I’m particularly pissed off is not just that they wasted my time. It’s also that the information I’m getting from their staff, once again, is inconsistent or incomplete. Due to COVID-19, most business have adapted their ways of operating to allow most work to be done online. This expensive bank, however, insists on making people go to different locations along with other people.
What’s really grinding my gears here
There’s a freaking pandemic. Why can’t the bank adapt like the rest of the world to stop making people show up in person? We’re already half a year into the pandemic
Why did they remove my ability to make payments once securely authenticated to my online account?! I can’t even pay my taxes online any longer. I’ve had that access for years
Assume it was a mistake allowing me to spend our own money online when they set up the account initially. Why didn’t any of the many employees involved warn me about losing that fundamental ability by downgrading my account?
The customer service rep authenticated me to access my account, she should have seen we have a two-to-sign policy. She also failed to inform me that I’d need to bring another person. She also stated clearly that I could go to any location to have the change made
The staff today realized that my account was initially misconfigured. I also made it clear that I was misinformed by the agent on the phone. Given this information, they made no effort to rectify the situation themselves. Also, would it not make sense for them to follow-up with the agent I spoke to? At least try to get aligned and see if someone is missing information. This would also prevent the further spread of misinformation since someone was obviously wrong. I really felt they just wanted me out because it was near closing time
Conclusion
All in all, I realize this isn’t a deplorable or noteworthy situation by any means. It’s an annoying inconvenience. I doubt anyone will even read this, frankly. I’m just irritated and feel annoyed. Why? Because I’m fairly confident I’m going to continue to bounced around before I can finally get this silly situation resolved. I mean, I’m just asking to be able to use my bank account to spend money again. I want to pay my taxes like I was doing a month ago! I’m aware that typically employees rarely care to make extra effort to ensure their business improves. So, I don’t think these employees are exceptionally bad either, but I find it super disappointing that TD has employees communicating different information depending on who you speak to over what medium or what location.
My PC was starting to slow down this evening. While investigating, I noticed that my disk space seemed to be on the low side so I decided to start with that. So, I used a Windirstat run to help me identify how my storage is allocated across different files. The results showed a massive 8.28GB chunk of storage allocated to something I didn’t recognize. Behold the offending file: C:\Users\<redacted>\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eiimnmioipafcokbfikbljfdeojpcgbh\000003.log. A quick Google Search for “eiimnmioipafcokbfikbljfdeojpcgbh” brings up the Google Extension Block Site.
Flabbergasted at the idea that a chrome extension with the trivial purpose of blocking sites you enter into a list would take up over 8 gigs of storage, I took to Google to look for other’s experiences with the extension. Sure enough, right on the first results page lots of warnings came up that it’s spy ware. I tried using PowerShell to tail a snippet of the file. Unfortunately, the contents appeared to not be in plain-text. So, screw it. Do not trust.
In the end, I’m not going to invest more time into investigating further. I’m sorry. I installed this to simply limit my brains attempts to distract itself on Facebook. There’s no way it should need that amount of resources. Ludicrous! So, I might just add a rule in my hosts file to replicate this simple tool’s main functionality. At least I can trust my hosts file… Right?!
If anyone else has a recommendation for an alternative, let me know in the comments. Without question, this extension will be an instant delete forever for me.
