Author

Topic: Ask Ninja: Backup up PMs (Read 253 times)

hero member
Activity: 510
Merit: 4005
January 14, 2024, 05:42:48 AM
#13
It could be as simple as a checksum somewhere on the forum, like bitcointalk.org/pm.php?action=10924810. All it needs is to show a checksum. But that won't work once the PM is deleted.
Yup, something like that occurred to me, too. But, instead of calculating/retrieving a cryptographic hash based on some PM-identifier, it would instead confirm that a given hash is good (that is, that a PM with that hash did exist in the database at some point). There would basically only need to be one new database table that gets a hash appended to it every time someone sends a PM (and that table wouldn't be affected by people purging/deleting their PMs). There's some tricky stuff to consider about how exactly the hash should be calculated (some normalization stuff, and packing the subject and the UIDs of the sender and recipient(s) into the text to be hashed, etc.) but I don't see any real blockers (I mean, don't take that to the bank: I only really thought about this for ~2 hours something like 3 months ago, so when I actually sit down to code it I may bump into things that I either haven't considered yet or that I've since forgotten about).

Handling redaction (that is, confirming the authenticity of arbitrary fragments of PMs) messes up the simplicity of the above approach, and makes things pretty gnarly. I can think of a handful of ways to make it work, but one non-technical concern I have is people building cases against each other based on "verified" but out-of-context and/or intentionally-misleading PM fragments. On that basis, I'm tempted to avoid the redaction quagmire altogether and just stick to a simple all-or-nothing approach to proving PM authenticity.

I've had more recent ideas like adding a new BBCode tag (named vquotepm, or something) that would render in a different style/color compared to regular quote tags and that would be used to quote "verified" PMs (verified in the sense that the server confirmed the quote's correspondence-to-source before embedding a digital signature to that effect).

(And finally, my most recent thought is to not do any of the above, and just fold PM-authentication into PM-exporting: that is, when I get around to tackling that, I'll look into ways to allow the download of some kind of server-signed authenticity-proving data, too.)
legendary
Activity: 2212
Merit: 7064
January 13, 2024, 02:01:16 PM
#12
Didn't hard test it, so idk... Worked for my inbox/outbox. Grin
Well done!
That was ninja speed fast.
I can only imagine what you can make when you complete hard test after good night sleep.  Cool

Just a heads-up in case you do decide to spend time on this: I'm probably going to tackle adding native PM-exporting support to SMF sometime this year. I haven't got the details fully worked-out yet, but it's likely I'll add support for multiple file-formats (mbox included) and probably look into some kind of authenticity-proving mechanism, too.
You probably won't believe this, but after noticing TryNinja posting his quick solution exporting PM's, I had a though that he should join forces with you aka PowerGlove, and that would be a true bitcointalk Power couple  Wink
Best (public) devs this forum had ever since I joined the forum.


Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
January 13, 2024, 10:18:51 AM
#11
Allow a person to then edit the PM/file, redacting what they do not want public.  They could use a strikeout or some other code.  Then they repeat the process with you with a different option, or forward the PM to your bot, and you reparse.   You remove all the strikethrough, and compare the checksum.  If it's valid, you can re-save the file without the strikethrough and post the new checksum.
That could work, but it makes it easy to take things out of context. See what's left if you remove the strike through text here.

Redacted documents are used in court regularly without such fear.  Your example could come out as:
********** work, but ************************************************** strike ******** here.
not
work, but strike here.



legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 13, 2024, 09:48:14 AM
#10
Allow a person to then edit the PM/file, redacting what they do not want public.  They could use a strikeout or some other code.  Then they repeat the process with you with a different option, or forward the PM to your bot, and you reparse.   You remove all the strikethrough, and compare the checksum.  If it's valid, you can re-save the file without the strikethrough and post the new checksum.
That could work, but it makes it easy to take things out of context. See what's left if you remove the strike through text here.

Quote
You could make a commercial enterprise out of this.  Part 1 module for bitcointalk and Part 2 core redaction code.  It can even be secured further by using a cloud service so everything is alway encrypted even to you and your bot - no trust necessary.  Smiley
I wouldn't know how to create a bot that handled text without being able to read the text.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
January 13, 2024, 06:53:07 AM
#9
@Vod What was the practical use you had in mind for this type of solution?

I mentioned in my last post that I know there is a lot of valuable data people want to keep in those messages.  In case something happens to those messages, it would be nice to have a backup.

Quote
You can prove authenticity of any PM, even after deleting it from your inbox, to anyone who trusts me (and my bot). You'll have a file, I'll have a checksum. The checksum doesn't even need to say who it's from, that will be in the file.

You could go a step further:
Allow a person to then edit the PM/file, redacting what they do not want public.  They could use a strikeout or some other code.  Then they repeat the process with you with a different option, or forward the PM to your bot, and you reparse.   You remove all the strikethrough, and compare the checksum.  If it's valid, you can re-save the file without the strikethrough and post the new checksum.

You could make a commercial enterprise out of this.  Part 1 module for bitcointalk and Part 2 core redaction code.  It can even be secured further by using a cloud service so everything is alway encrypted even to you and your bot - no trust necessary.  Smiley

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 13, 2024, 05:20:01 AM
#8
I'm probably going to tackle adding native PM-exporting support to SMF sometime this year. ~ and probably look into some kind of authenticity-proving mechanism, too.
If it includes proving something, that would be very, very cool! It could be as simple as a checksum somewhere on the forum, like bitcointalk.org/pm.php?action=10924810. All it needs is to show a checksum. But that won't work once the PM is deleted.
hero member
Activity: 510
Merit: 4005
January 13, 2024, 05:15:24 AM
#7
The more I think about it, the more I think I shouldn't bother creating this.
Just a heads-up in case you do decide to spend time on this: I'm probably going to tackle adding native PM-exporting support to SMF sometime this year. I haven't got the details fully worked-out yet, but it's likely I'll add support for multiple file-formats (mbox included) and probably look into some kind of authenticity-proving mechanism, too.
legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
January 13, 2024, 04:30:05 AM
#6
Ninja's don't need sleep, I do Tongue

They really don't sleep! I had already noticed that... Roll Eyes

A question for the OP:
@Vod What was the practical use you had in mind for this type of solution?


legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 13, 2024, 03:40:25 AM
#5
Ninja's don't need sleep, I do Tongue

I already have my PM Publisher, and I can think of something else. But I don't think anyone would want it, since I'd need your password.

Here it goes (hypothetical):
  • Make sure you have staked a Bitcoin address
  • Change your password into something very long
  • PM my to-be-created-bot (running on a newly created and not publicly known server) your password and captcha bypass code
  • Give my bot some time to save all PMs, one file per PM
  • I'll create and publish SHA-256 checksums for each PM.
  • My bot creates a compressed archive with all files, encrypted with the password you provided
  • My bot deletes all your PMs from my server
  • Change your password again so I don't know it
  • My bot deletes the encrypted archive a day later (note that my bot won't delete your PM, my bot can only download, not edit)
  • Archive the SHA-256 checksums

Pros:
  • You have a backup of your PMs
  • You can prove authenticity of any PM, even after deleting it from your inbox, to anyone who trusts me (and my bot). You'll have a file, I'll have a checksum. The checksum doesn't even need to say who it's from, that will be in the file.

Cons:
  • You have to trust me (keeping data private, not changing your password, not snooping around, etc.)
  • It doesn't prove anything to anyone who doesn't trust me
  • You'll have to trust my (cheap) server and it's hosting
  • A big con: myips.php gives away my server IP to any user of this service, which increases the risk of point 3 (although a VPN on the server could solve this)
  • (for me): I'll have to maintain another server, although point 4 makes it kinda futile to use a separate server

The more I think about it, the more I think I shouldn't bother creating this.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
January 13, 2024, 12:58:34 AM
#4
Ask Vod first  Cheesy

You did coded it and published it.
Do you want a utility to save all your PMs?

No, if you follow the adventures in that thread, you'll read my one test subject could not get it working.   :/

I was also coding in windows, and people here don't want to run an executable.

Thanks Ninja!  You beat LoyceV to it (probably due to where the sun was) so I will change the title.

Edit:  LoyceV has a different PM tool:  https://bitcointalksearch.org/topic/loycevs-pm-publisher-5386000.
legendary
Activity: 2758
Merit: 6830
January 13, 2024, 12:27:18 AM
#3
Here's a quick one I just made.

https://gist.github.com/ninjastic/bc568895778132e1414564147d3a9aaf

1. Open the the forum on any page.
2. Open your browser's developer tools.
3. Go to the Console tab.
4. Paste and run the code. Do not close the tab and avoid using the forum in the meanwhile so you don't get rate limited.

After finishing it, a file called pm.json will be downloaded with the format:

Code:
[
  {
    "type": "inbox",
    "title": "Here are my coins",
    "date": "2010-03-22, 12:33:53",
    "to": "TryNinja",
    "toUrl": "https://bitcointalk.org/index.php?action=profile;u=557798",
    "responded": true,
    "message": "Hello TryNinja,

I will be sending my coins to you tomorrow, thank you \"Smiley\"

Best,
satoshi",
    "author": "satoshi",
    "authorUrl": "https://bitcointalk.org/index.php?action=profile;u=3"
  }
]

Didn't hard test it, so idk... Worked for my inbox/outbox. Grin
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
January 12, 2024, 11:25:49 PM
#2
Ask Vod first  Cheesy

You did coded it and published it.
Do you want a utility to save all your PMs?

Your product

Did your forget about your own product or just want to find something with extra features?
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
January 12, 2024, 10:53:53 PM
#1
Hey LoyceV, sorry to put you on the spot, but I think we could open up a new forum subseries called "Ask LoyceV".  Smiley

Would it be possible for you to write a quick script that could back up our private messages?  You mentioned once before it wouldn't be too difficult, and I know there is a lot of valuable data people want to keep in those messages.
https://bitcointalksearch.org/topic/--5277566

(Edit:  Ninja provided the code)

BATTLE OF THE CODERS
Jump to: