
Topic: BFL subpoena - page 5. (Read 8680 times)

legendary
Activity: 1652
Merit: 1127
April 17, 2015, 10:35:50 AM
#25
It is open source.
hero member
Activity: 686
Merit: 504
always the student, never the master.
April 17, 2015, 10:31:13 AM
#24
Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The new forum software should be an open source project. I'm sure there are hundreds of good web devs here who would be thrilled to participate. (If going the way you suggest.)
copper member
Activity: 2870
Merit: 2298
April 17, 2015, 10:22:35 AM
#23
Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.
I don't see a reason why the forum would need to automatically decrypt your PM's for you. If you were to have everyone give a public key to the forum to have your PM's automatically encrypted to, then decrypting a PM would only be a matter of using your PGP client to decrypt the message manually for you which really would not take that much effort. This would let people determine how much security their PGP private keys have.

We're not talking about using PGP or any third party software at all. We're talking about doing this via javascript, so everything happens in the browser, and the user doesn't even need to know it's happening. PM's will function just like they do now except you'll need to enter a password to read your PM's, the password and plaintext PM's are never sent to the server and all encryption/decryption is done in-browser, similar to blockchain.info/wallet. This is SIGNIFICANTLY less safe than PGP, but it's probably sufficient to mitigate really invasive subpoena's etc.
Well to avoid the problem of people potentially forgetting their password to decrypt their PM's the forum could automatically encrypt PM's sent to someone using javascript, users would then store the private key locally, outside of their browser in order to decrypt the message. If PGP is used, and the user is using GPGTools as their PGP client, and their private key is stored locally, then decrypting it would be as arbitrary as highlighting text and making two clicks (and entering your passphrase).

In theory, the javascript could be modified so that whenever someone enters their password to decrypt a PM that the password is transmitted to either the forum or a third party attacker which would essentially allow them to decrypt any PM for that user.
hero member
Activity: 882
Merit: 1005
April 17, 2015, 10:03:48 AM
#22
Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.
I don't see a reason why the forum would need to automatically decrypt your PM's for you. If you were to have everyone give a public key to the forum to have your PM's automatically encrypted to, then decrypting a PM would only be a matter of using your PGP client to decrypt the message manually for you which really would not take that much effort. This would let people determine how much security their PGP private keys have.

We're not talking about using PGP or any third party software at all. We're talking about doing this via javascript, so everything happens in the browser, and the user doesn't even need to know it's happening. PM's will function just like they do now except you'll need to enter a password to read your PM's, the password and plaintext PM's are never sent to the server and all encryption/decryption is done in-browser, similar to blockchain.info/wallet. This is SIGNIFICANTLY less safe than PGP, you need to trust theymos doesn't mess with the JS (unless you store it locally, perhaps we could use an optional browser add-on that does that in order to mitigate this risk), but it's probably sufficient to mitigate really invasive subpoena's etc.
copper member
Activity: 2870
Merit: 2298
April 17, 2015, 09:59:39 AM
#21
Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.
I don't see a reason why the forum would need to automatically decrypt your PM's for you. If you were to have everyone give a public key to the forum to have your PM's automatically encrypted to, then decrypting a PM would only be a matter of using your PGP client to decrypt the message manually for you which really would not take that much effort. This would let people determine how much security their PGP private keys have.
legendary
Activity: 1778
Merit: 1042
#Free market
April 17, 2015, 09:54:34 AM
#20
@theymos,

are you obliged to give them these 'data' or not?

Awesome.  Cheesy

Use PGP if you want privacy. Wink

You are right, I can't imagine someone read a PGP encrypted message and he doesn't know what the hell is written in that message (because he doesn't have the key to decrypt it).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

When the investigators read the BFL threads they'll probably think everyone here is nuts.
They might want to lock up everyone involved as a public safety measure. lol

Most probably yes.


Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

This is pretty much the whole forum, right? Cheesy

It was 2.3% of topics. (This still amounted to ~5 GB of text.)


~5 GB of data, only for BFL Roll Eyes. Can you upload the subpoena here in the forum (as the other one, the silkroad subpoena?) thanks.
hero member
Activity: 882
Merit: 1005
April 17, 2015, 09:53:54 AM
#19
The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

That is part of the point IMO. If someone "forgets" their password, they cannot be forced to provide it. Perhaps it should be an opt-in feature and it should be clear to the user that forgetting your password makes your PM's unrecoverable, which is both a feature and an issue.

If that is not desirable, one option would be to use a Bitcoin address to recover access. This could be done by encrypting the PM master key with a Bitcoin address's public key. Some clients like Electrum have a built-in feature that allows you to encrypt/decrypt messages (though I'm unsure how safe this really is; it's rarely a good idea to reuse a key for both signing and encryption); perhaps something similar could be done in JS.
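
The key handling discussed in the post above (a password-derived key, the forgotten-password problem, and a separately encrypted PM master key for recovery), as an added example that is not part of the original thread or of any forum software. It uses Node's built-in crypto module in place of in-browser code so it runs offline; the random recovery key (standing in for the Bitcoin key the post mentions), the function names and the record layout are assumptions.

```javascript
// Added example, not forum code. Node's crypto module stands in for the browser.
const nodeCrypto = require('node:crypto');

// Password -> 256-bit key-encryption key (scrypt with a per-user random salt).
const deriveKek = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// AES-256-GCM; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Returns the plaintext, or null when the key is wrong or the blob was altered.
function unseal(key, blob) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
  } catch {
    return null;
  }
}

// Runs on the client. Only `serverRecord` is uploaded; it holds no plaintext key.
function enroll(password) {
  const masterKey = nodeCrypto.randomBytes(32);   // encrypts the PMs themselves
  const recoveryKey = nodeCrypto.randomBytes(32); // assumption: shown once, kept offline
  const salt = nodeCrypto.randomBytes(16);
  const serverRecord = {
    salt,
    wrappedByPassword: seal(deriveKek(password, salt), masterKey),
    wrappedByRecovery: seal(recoveryKey, masterKey),
  };
  return { masterKey, recoveryKey, serverRecord };
}

// Recover the master key from the stored record; null if the password is wrong.
const unlock = (rec, password) => unseal(deriveKek(password, rec.salt), rec.wrappedByPassword);

// Forgotten password: unwrap with the recovery key, re-wrap under a new password.
function resetPassword(rec, recoveryKey, newPassword) {
  const masterKey = unseal(recoveryKey, rec.wrappedByRecovery);
  if (masterKey === null) return null;
  const salt = nodeCrypto.randomBytes(16);
  return { ...rec, salt, wrappedByPassword: seal(deriveKek(newPassword, salt), masterKey) };
}
```

Without `wrappedByRecovery` in the record, a lost password leaves the master key, and every PM sealed under it, unrecoverable by the user and the server alike.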
administrator
Activity: 5166
Merit: 12850
April 17, 2015, 09:49:42 AM
#18
Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

This is pretty much the whole forum, right? Cheesy

It was 2.3% of topics. (This still amounted to ~5 GB of text.)
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
April 17, 2015, 09:07:35 AM
#17
@theymos,

are you obliged to give them these 'data' or not?

Awesome.  Cheesy

Use PGP if you want privacy. Wink

You are right, I can't imagine someone read a PGP encrypted message and he doesn't know what the hell is written in that message (because he doesn't have the key to decrypt it).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

When the investigators read the BFL threads they'll probably think everyone here is nuts. They might want to lock up everyone involved as a public safety measure. lol
legendary
Activity: 1778
Merit: 1042
#Free market
April 17, 2015, 08:10:14 AM
#16
@theymos,

are you obliged to give them these 'data' or not?

Awesome.  Cheesy

Use PGP if you want privacy. Wink

You are right, I can't imagine someone read a PGP encrypted message and he doesn't know what the hell is written in that message (because he doesn't have the key to decrypt it).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

The law is the law, maybe I should send all the sensitive messages but firstly encrypt them with my PGP private key. (I suppose) this forum is under the eyes of a lot of governments (first the USA  Roll Eyes).

Thanks for the reply BadBear.
hero member
Activity: 924
Merit: 1000
April 17, 2015, 07:49:56 AM
#15
@theymos,

are you obliged to give them these 'data' or not?

Awesome.  Cheesy

Use PGP if you want privacy. Wink

You are right, I can't imagine someone read a PGP encrypted message and he doesn't know what the hell is written in that message (because he doesn't have the key to decrypt it).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

1. Bad form badbear shouldn't talk about Inaba behind his back.
2. The issue for the forum is going to be persistent given the loads of scams present. This won't be the last time you are going to get a subpoena. Might want to start collating all the other major scams you can. Good luck.
hero member
Activity: 882
Merit: 1005
April 17, 2015, 07:48:49 AM
#14
Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.
legendary
Activity: 1652
Merit: 1127
April 17, 2015, 07:33:28 AM
#13
@theymos,

are you obliged to give them these 'data' or not?

Awesome.  Cheesy

Use PGP if you want privacy. Wink

You are right, I can't imagine someone read a PGP encrypted message and he doesn't know what the hell is written in that message (because he doesn't have the key to decrypt it).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.
legendary
Activity: 1778
Merit: 1042
#Free market
April 17, 2015, 06:17:03 AM
#12
@theymos,

are you obliged to give them these 'data' or not?

Awesome.  Cheesy

Use PGP if you want privacy. Wink

You are right, I can't imagine someone read a PGP encrypted message and he doesn't know what the hell is written in that message (because he doesn't have the key to decrypt it).
legendary
Activity: 1666
Merit: 1183
dogiecoin.com
April 17, 2015, 05:34:08 AM
#11
Which side requested it, do you know?
legendary
Activity: 1008
Merit: 1000
April 17, 2015, 03:52:02 AM
#10
plus a complete copy of every thread in which anyone mentioned BFL

LOL.

This is pretty much the whole forum, right? Cheesy

I expect so, and I pity the poor investigators who have to go through endless pages of trolling and crying and what not. Maybe after this case Theymos can hire them as mods Grin
copper member
Activity: 2870
Merit: 2298
April 17, 2015, 03:31:31 AM
#9
nibbknot is someone who at least claimed to be Bruno Kucinskas - I can't imagine that Bruno actually worked for BFL though lol.
hero member
Activity: 924
Merit: 1000
April 17, 2015, 03:27:07 AM
#8
Quote
Hello. I'm writing to let you know that due to a subpoena that I received related to a case against BFL, I was forced to release some of your PMs.

In particular, I released all PMs that you sent to or received from the following people, possibly even if you deleted the PM:

Inaba
BFL-Engineer
BFL_Josh
SLok
BFL_Sonny
BFL AM Dave
bcp19
nibbknot

Who was nibbknot then?

Interesting.
-ck
legendary
Activity: 4088
Merit: 1631
Ruu \o/
April 17, 2015, 03:03:57 AM
#7
I would guess that this probably has something to do with why one of the BFL threads was recently apparently locked.
No that was sheer coincidence as I locked it without knowing theymos was facing this.
sr. member
Activity: 420
Merit: 250
Mmmh mhmhh mmmm.
April 17, 2015, 02:50:51 AM
#6
Awesome.  Cheesy

Use PGP if you want privacy. Wink