Certified/signed private messages | Bitcointalksearch.org

Muhammed Zakir

hero member

Activity: 560

Merit: 506

I prefer Zakir over Muhammed when mentioning me!

Quote from: dserrano5 on June 27, 2015, 02:28:38 PM

Quote from: EcuaMobi on June 27, 2015, 11:10:11 AM

Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary solve it?

I was unable to sign Bitcointalk.org page. Huh

PageSigner error

This website cannot be audited by PageSigner because it presented an untrusted certificate

Quickseller

copper member

Activity: 2870

Merit: 2298

You can't report any sent PMs. If a sent PM is not quoted in the reply, or if it is quoted incorrectly then a good amount of information may be left out.

edit: Maybe it would be a good idea to allow messages in the outbox be reported to an admin/global mod (as well as the ability to search the outbox)

BadBear

legendary

Activity: 1652

Merit: 1127

Yes, scams aren't moderated but global mods and admins can still see reported pm's and verify the quote or screenshot is legitimate. There's nothing wrong with the suggestions, but to say the only way is to allow a trusted member to log into your account isn't true.

EcuaMobi

legendary

Activity: 1862

Merit: 1469

https://Ecua.Mobi

Quote from: grue on June 28, 2015, 01:33:26 AM

Quote from: EcuaMobi on June 27, 2015, 11:10:11 AM

Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.

No, you can also report the PM to a global moderator/admin.

Scams are not moderated so that wouldn't help on most of the scenarios I listed. In a scam accusation normally what's needed is a proof that the published PM was not edited.

grue

legendary

Activity: 2058

Merit: 1431

Quote from: EcuaMobi on June 27, 2015, 11:10:11 AM

Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.

No, you can also report the PM to a global moderator/admin.

EcuaMobi

legendary

Activity: 1862

Merit: 1469

https://Ecua.Mobi

Quote from: dserrano5 on June 27, 2015, 02:28:38 PM

Quote from: EcuaMobi on June 27, 2015, 11:10:11 AM

Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary solve it?

Thanks. I didn't know about that. Yes that will certainly help! I'd still prefer a built-in method though, something that's easier and faster to generate and everyone here know about.

dserrano5

legendary

Activity: 1974

Merit: 1029

Quote from: EcuaMobi on June 27, 2015, 11:10:11 AM

Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary solve it?

Muhammed Zakir

hero member

Activity: 560

Merit: 506

I prefer Zakir over Muhammed when mentioning me!

I like this idea.

Quote from: EcuaMobi on June 27, 2015, 11:10:11 AM

-snip-
Under request anyone can acquire the signature of a sent or received PM to prove authenticity. The process would be 100% automatic.
-snip-

I think a better way would be to have a button-like on every PM. Sender/receiver can click it and the signature associated with that message will be shown. The way you suggested, assuming it is automatic, may cause high server loads.

devnull2

newbie

Activity: 4

Merit: 0

Thats a nice idea.

EcuaMobi

legendary

Activity: 1862

Merit: 1469

https://Ecua.Mobi

Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.

A simple method to solve this would be to have an official BTC address and/or GPG certificate. The private key would be on the server as protected as possible. The public key would be published on the site. Under request anyone can acquire the signature of a sent or received PM to prove authenticity. The process would be 100% automatic.

There would be a risk if the server is compromised but probably in that case fake signed messages wouldn't be the biggest of our concerns anyway. I've been thinking about a way to remove or reduce this risk but the only other way would be for an admin to do it manually offline. That would be way to much work.

Topic: Certified/signed private messages (Read 1234 times)