Author

Topic: Certified/signed private messages (Read 1253 times)

hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
July 02, 2015, 06:59:01 AM
#10
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary solve it?

I was unable to sign Bitcointalk.org page. Huh

PageSigner error

This website cannot be audited by PageSigner because it presented an untrusted certificate
copper member
Activity: 2996
Merit: 2374
June 28, 2015, 10:12:02 AM
#9
You can't report any sent PMs. If a sent PM is not quoted in the reply, or if it is quoted incorrectly then a good amount of information may be left out.

edit: Maybe it would be a good idea to allow messages in the outbox be reported to an admin/global mod (as well as the ability to search the outbox)
legendary
Activity: 1652
Merit: 1128
June 28, 2015, 10:03:10 AM
#8
Yes, scams aren't moderated but global mods and admins can still see reported pm's and verify the quote or screenshot is legitimate. There's nothing wrong with the suggestions, but to say the only way is to allow a trusted member to log into your account isn't true.
legendary
Activity: 1876
Merit: 1475
June 28, 2015, 09:46:02 AM
#7
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.
No, you can also report the PM to a global moderator/admin.

Scams are not moderated so that wouldn't help on most of the scenarios I listed. In a scam accusation normally what's needed is a proof that the published PM was not edited.
legendary
Activity: 2058
Merit: 1452
June 28, 2015, 12:33:26 AM
#6
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.
No, you can also report the PM to a global moderator/admin.
legendary
Activity: 1876
Merit: 1475
June 27, 2015, 11:27:14 PM
#5
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary solve it?

Thanks. I didn't know about that. Yes that will certainly help! I'd still prefer a built-in method though, something that's easier and faster to generate and everyone here know about.
legendary
Activity: 1974
Merit: 1029
June 27, 2015, 01:28:38 PM
#4
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary solve it?
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
June 27, 2015, 10:47:48 AM
#3
I like this idea.

-snip-
Under request anyone can acquire the signature of a sent or received PM to prove authenticity. The process would be 100% automatic.
 -snip-

I think a better way would be to have a button-like on every PM. Sender/receiver can click it and the signature associated with that message will be shown. The way you suggested, assuming it is automatic, may cause high server loads.
newbie
Activity: 4
Merit: 0
June 27, 2015, 10:23:14 AM
#2
Thats a nice idea.
legendary
Activity: 1876
Merit: 1475
June 27, 2015, 10:10:11 AM
#1
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.

A simple method to solve this would be to have an official BTC address and/or GPG certificate. The private key would be on the server as protected as possible. The public key would be published on the site. Under request anyone can acquire the signature of a sent or received PM to prove authenticity. The process would be 100% automatic.

There would be a risk if the server is compromised but probably in that case fake signed messages wouldn't be the biggest of our concerns anyway. I've been thinking about a way to remove or reduce this risk but the only other way would be for an admin to do it manually offline. That would be way to much work.
Jump to: