
Topic: Checksum verification for quoted messages/posts (Read 1888 times)

copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
February 07, 2022, 05:29:46 AM
#35
You can sign every message on bitcointalk with a bitcoin address. And all your messages will be securely protected

One can just as easily change the addy and the hash. Not really any different from how things currently are done.

Glad to see the BSV community is taking interest in signing messages though Grin better later than never I guess
full member
Activity: 626
Merit: 234
Users can currently send/post incorrectly quoted messages to assist in scams or discredit other users.

This could be addressed by having a hash generated based on the content of a message, and then a checksum implemented to reject invalid quotes from being sent/reposted.
You can sign every message on bitcointalk with a bitcoin address. And all your messages will be securely protected

For example:

-----BEGIN BITCOIN SIGNED MESSAGE-----
Message from OgNasty
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: ###################################

######################################################################
-----END BITCOIN SIGNATURE-----
copper member
Activity: 2996
Merit: 2374
FWIW the guys working on Epochtalk told me that this is a planned feature that was previously discussed.
Hopefully, once they get this feature completed, theymos can start using the new forum software.
legendary
Activity: 1789
Merit: 2535
Goonies never say die.
This is more helpful, thank you! Smiley

What you describe makes sense to me as a mod tool, I would have much less concerns with that, and would not have concerns of a github style system that took a user to all the edits/modifications (this would be great).. unless you start allowing users to light up snips of quotes as green and 'verified' by the forum, then I think there are too many negative consequences from something like that, which seemed to be where this discussion was heading. I do still think performance would end up a problem on a forum like bitcointalk, but maybe? less problematic as a mod only tool... still seems like a decent amount of extra work per post/edit/etc.
copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
For me, it's not worth much unless you can show where it was discussed and what was involved in the discussion.

I assume during one of the meetings they had with theymos

Has anyone gotten an answer on why they removed the planned features list?  When do we get to see the 'rewrite'?

Epochtalk had a "roadmap" before, but at some point in 2020 [or 2021], they removed that page [you can still check some of its content from the following "archived version"].

I don't see those that relevant anymore...
Most of them are implemented and things like "Feature Parity with SMF forums" and "Build a complete installation and onboarding process" are things that should come without saying.

EDIT: I'm assuming this list is the most recent? which appears to show some of the older planned features, but I don't see anything related to what is being discussed in this thread?

Some of the issues on github were submitted by myself and other members of the community who tested the epochtalk environment on coinbistro.com like Veleor, for example. Some of them might already be solved in the VueJS branch. Did not test that one yet but by looking at the commits they seem to be on the final stretch regarding the frontend.

Besides those submitted issues I'm pretty sure they discussed with theymos some other features as well and also a certain implementation of this topic's main idea. From what I remember they were talking at some point to have a versioning option, similar to github commits for edited posts. Though available for mods if I remember correctly. From this there's just one more step to some user available info...
legendary
Activity: 1789
Merit: 2535
Goonies never say die.
FWIW the guys working on Epochtalk told me that this is a planned feature that was previously discussed.
For me, it's not worth much unless you can show where it was discussed and what was involved in the discussion.

Has anyone gotten an answer on why they removed the planned features list?  When do we get to see the 'rewrite'?

EDIT: I'm assuming this list is the most recent? which appears to show some of the older planned features, but I don't see anything related to what is being discussed in this thread?
copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
FWIW the guys working on Epochtalk told me that this is a planned feature that was previously discussed.

Not sure if it will be actually added or how exactly it would work but nice to know it was/is taken into account  Wink
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
I mean it would be a cool feature notwithstanding that I personally have never seen a case where this could have prevented anything. Critical reading skills should prevent people from getting away with misquoting people, and lying about the contents of dms (or denying the existence thereof) would just cause a standoff where one party would look silly after theymos or any moderator? checks their PMs.

Maybe you’re not familiar with my situation with a member Vod? He spent years attacking me with lies and posting false information all because he misread a PM and made assumptions that when he discovered his idiocy he chose to lie and attack instead of admit his mistake. No administrator or moderator was any help in bringing the truth to light and chose to blame the victim and urge forgiveness of the liar. Being able to show that I was posting real quotes and Vod was lying might have saved this community a massive drama that ultimately led to Vod not being able to post here anymore and a lasting suspicion around me for being attacked with lies by a crazy person.

So if critical reading skills could have helped avoid that situation then users with critical reading skills here are in short supply.
legendary
Activity: 1946
Merit: 1427
Quote
Users can currently send/post incorrectly quoted messages to assist in scams or discredit other users.

This could be addressed by having a hash generated based on the content of a message, and then a checksum implemented to reject invalid quotes from being sent/reposted.
I mean it would be a cool feature notwithstanding that I personally have never seen a case where this could have prevented anything. Critical reading skills should prevent people from getting away with misquoting people, and lying about the contents of dms (or denying the existence thereof) would just cause a standoff where one party would look silly after theymos or any moderator? checks their PMs.

I'm guessing this might not happen in low-profile cases which I imagine would be the only reason something like this might be useful, but really in 99% of the cases it is immediately obvious who's the scammer and who's the actual affected party. And again, if it turns out to not be that simple I imagine it would not be that hard for a mod to check the pms manually.

I think the threat alone of an admin checking the actual contents of a pm would already make manipulation with on-site communication (pms) fairly unattractive, especially for more senior users. And really, wouldn't such a feature just cause a shift to other messaging apps like Telegram? Hard to see what exactly would be solved.

Perhaps development efforts would be better spent on finally making it look like this forum didn't come straight out of 2007, and more like their modern counterparts.
legendary
Activity: 1789
Merit: 2535
Goonies never say die.
If you really think a feature like this is needed, which I don't, it should *at least* be done with only the entire contents of a message, or nothing at all... even then, full messages can be taken out of context over the course of a discussion as well.

A checksum of an entire message would also eliminate the possibility of anything being cherry-picked as if you understand how checksums for an entire message could work and require the entire message to be quoted in order for it to be validated.  Think of it like validation of a PGP signed message.  I would beware anyone who thinks this is a bad idea.  

*shrug*
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
I would beware of any user who thinks that verification of private messages is a bad idea...  Checksums aren't some crazy idea that takes a ton of resources if implemented properly.  A checksum of an entire message would also eliminate the possibility of anything being cherry-picked as if you understand how checksums for an entire message could work and require the entire message to be quoted in order for it to be validated.  Think of it like validation of a PGP signed message.  I would beware anyone who thinks this is a bad idea.  

Perhaps it could also enable another feature of private communications, where a user could check a box to send a PM as private and therefore couldn't be verified as a legitimate quote publicly.  Users could even decide if they are willing to accept private communications or not.  Maybe these could even be features reserved for higher level members.
legendary
Activity: 1789
Merit: 2535
Goonies never say die.
^  It appears QS wants to send the index of the text itself (position of the beginning character of text), and I presume the ending index of whatever is being quoted... and then wants the server to verify the contents of what is being sent and provide its approval.. and also hash it for some reason?.. Why?.. not sure.

That is ridiculous. People post PMs and quotes of posts all the time. There are frequently questions regarding the authenticity of quotes when the original is not available. PM verification would remove that uncertainty.
When the 'original' what is not available?  user?  PM?... You've already stated the PM has to stay and exist to be verified, and even went as far as to say the PM could no longer be deleted once quoted. So I'm not sure what this PM verification idea is correcting when you say this 'removes the uncertainty of PMs when the original is not available'. Makes no sense to me.

The status quo is that someone can claim something was said via PM, and the person being accused can stay silent to pretty much guarantee they will come out unscathed. Mods rarely get involved in scam accusations, unless there are large amounts, or a lot of victims involved. If you can prove a PM was sent or received, you can trivially prove you have been scammed via PM.

You're not addressing the fact that someone can cherry-pick a comment from someone's message and make it "verified" by the forum, while spinning a story about what that cherry-picked comment is about. This will give the impression that the forum is verifying the perception being put out by whoever is cherry-picking the quote and saying what it was about. IMO, it adds weight/value to a poster that the forum shouldn't be adding into a situation like this.

The person being smeared better also hope they saved their copy of the message, or they cannot even defend themselves with their own version of a 'verified' message explaining the out-of-context quote.

Let's not mention the fact that this type of smearing could also happen in PMs behind-the-scenes where nobody could ever defend themselves on snips of things they have said privately which would be getting misconstrued to others.

Hell, all of those "impersonator" accounts (or alts, who knows..!) are going to have a great time with this feature self-verifying their own messages from their newbie impersonator accounts with very similar names/special characters, so they can scam more people.

I could keep going, but it's counterintuitive for me.. and this is seemingly a waste of time. <- edit: To clarify, I'm referring to my time here, not that the idea itself is a waste of time. I just see it as a double-edged sword, with the worse-case side sharper than the other, so-to-speak. (especially if the intent is to use QS's aforementioned blueprint.)

Wish you all the best on the idea though!
copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
Instead of the indexes of the text that are removed being sent back to the server, the indexes of BB code could be sent back to the server.

What exactly do you mean by "the index of the text" ? hash ?

Code:
Full text: bla bla bla I am sure I found a scammer bla bla bla
hash: 8F0F7FEB60FC873A6066739931B68D78C1C6E8304953807A519202A23F9045B8

Text: I am sure I found a scammer
hash: F7CFCD9D9FEA2582DD256D5FD073CCB095B03282EEF987708E007C30711F013A

Text: I am a scammer
hash: 2BB8A5672EFD6382C8803E9DB05511A78AAAF8955F0B42222C109CC9F99A92A8

How do you propose to use hashes (I guess this is what you mean) for pieces of text ?
copper member
Activity: 2996
Merit: 2374
...

I seriously doubt it can work like that tbh...

Perhaps there can be a new "quick quote" option. You just select the required text (the selected text would be non editable and would not allow to skip words from block... so from "I am sure I found a scammer" one cannot select just "I am a scammer") and after it you can write the reply.
Something like this: https://github.com/epochtalk/epochtalk/issues/878
If you did the above, it would be clear that text was removed because there would be disclosures saying that text was removed.
Only thing is it would not work with multiple quotes in the same post...
Instead of the indexes of the text that are removed being sent back to the server, the indexes of BB code could be sent back to the server. There could be rules such as if a quote header is removed, the entire inner quote must also be removed.
copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
...

I seriously doubt it can work like that tbh...

Perhaps there can be a new "quick quote" option. You just select the required text (the selected text would be non editable and would not allow to skip words from block... so from "I am sure I found a scammer" one cannot select just "I am a scammer") and after it you can write the reply.
Something like this: https://github.com/epochtalk/epochtalk/issues/878

Only thing is it would not work with multiple quotes in the same post...

Sounds cleaner and perhaps doable. Simple implementations would have a higher chance of (eventually) being added  Smiley
copper member
Activity: 2996
Merit: 2374
Verified quotes could be drafted on the client side, and the client could tell the server the portions of the message that are being quoted so it can verify its authenticity.

Cookies can store a lot of stuff but BBCode is not one of them (as far as I know). So even if I did not take into account if this would be resource hungry and how much, it would most likely be done server side.
It could be implemented as follows:
*Server sends the entire post to the client
*The end user edits the quote, removing the unwanted text. The client editor will automatically add in required disclosures
*The client sends to the server the indexes that are to remain in the verified quote
*The server calculates the hash of the message based on the portion of the message that is to remain, plus any rules regarding disclosures that need to be inserted when a portion of a text is removed.

As an example, the following post could be quoted:
Quote from: example
This is an important line.
This is an unimportant line.
This is an important line.
This is an important sentence. This is an unimportant sentence. This is important.
This line is important.
The above post could be edited to:
Quote from: example
This is an important line.

This is an important line.
This is an important sentence.<[1]> This is important.
This line is important.
[1]- Forum disclosure - a portion of this line was removed
The original post could be seen as a 2D matrix.
When the client sends the post back to the server, it could send the following information:
Quote
post[0] - removed
post[3][30:64] - removed
The server could take the original post being quoted, and the response from the client to create what the client should have created. If someone were to modify something on the client side, the post will not verify.
copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
Verified quotes could be drafted on the client side, and the client could tell the server the portions of the message that are being quoted so it can verify its authenticity.

Cookies can store a lot of stuff but BBCode is not one of them (as far as I know). So even if I did not take into account if this would be resource hungry and how much, it would most likely be done server side.

Coding an app is pretty easy, if you know what you are doing. Adding all the restrictions so it only functions as expected is the hard part most of the time.

We have several community projects like loycev.club and ninjastic.space to check quotes. And for all intents and purposes they can be trusted 99% of the time.

For PMs though a verification is doable IMO. Less corner cases, a bit more straightforward and significantly more manageable for the servers.
copper member
Activity: 2996
Merit: 2374
Odd. You all don't see any potential resource/performance issues here? Considering client-side would be a bad idea, this would be happening server-side to all posts/PMs.. using PHP or JS tools? Shocked
Verified quotes could be drafted on the client side, and the client could tell the server the portions of the message that are being quoted so it can verify its authenticity.

While I'm sure having the forum "verify" cherry-picked quotes is something that would give a few people in this thread a boner, it also gives the false impression that the forum is supporting/verifying whatever that user may be falsely claiming about a cherry-picked quote, which could be completely pulled out of context.
That is ridiculous. People post PMs and quotes of posts all the time. There are frequently questions regarding the authenticity of quotes when the original is not available. PM verification would remove that uncertainty.

The status quo is that someone can claim something was said via PM, and the person being accused can stay silent to pretty much guarantee they will come out unscathed. Mods rarely get involved in scam accusations, unless there are large amounts, or a lot of victims involved. If you can prove a PM was sent or received, you can trivially prove you have been scammed via PM.

On top of this, what happens when a PM is deleted by both users?... do we now have to keep the hashes of deleted PMs to verify, forever?... if not, 6 months after the verification has happened when someone goes back and edits the post that had quoted a "verified" [now deleted] message, modifies it, and hits 'save'.. what then?
If you are posting a verified PM, you are either the person who sent the PM or the person who received the PM. The PM would be public, so there would really be no reason to delete the PM. If a PM has been "verified", it would probably be a good idea to disallow the deleting of that PM.
legendary
Activity: 1789
Merit: 2535
Goonies never say die.
Odd. You all don't see any potential resource/performance issues here? Considering client-side would be a bad idea, this would be happening server-side to all posts/PMs.. using PHP or JS tools? Shocked

I believe I've seen theymos decide against things that would consume less resources than this idea would, while citing resources/performance as a reason.

Regardless of resources, verifying cherry-picked quotes is not something the forum should ever support because of some of the .. *uhm* snakes *uhm*.. around here, who like to pull things out of context and lie about others to smear their reputation. If you really think a feature like this is needed, which I don't, it should *at least* be done with only the entire contents of a message, or nothing at all... even then, full messages can be taken out of context over the course of a discussion as well.

While I'm sure having the forum "verify" cherry-picked quotes is something that would give a few people in this thread a boner, it also gives the false impression that the forum is supporting/verifying whatever that user may be falsely claiming about a cherry-picked quote, which could be completely pulled out of context.

On top of this, what happens when a PM is deleted by both users?... do we now have to keep the hashes of deleted PMs to verify, forever?... if not, 6 months after the verification has happened when someone goes back and edits the post that had quoted a "verified" [now deleted] message, modifies it, and hits 'save'.. what then?

I don't think it is a good idea and will not be implemented anytime soon, and I really don't see an overwhelming need for it at this point.. more harm than good seems to come from it.
copper member
Activity: 2996
Merit: 2374
And what happens when one quotes only a part of the post?
Or, even worse, what happens when one quotes a noncontinuous part of the post? (uses ~snip~ or similar)
This would be possible to implement, even if someone wanted to quote part(s) of a post.

A person who wants to quote part of a post (or PM) could tell a tool which parts of the post (or PM) that he wants to quote, the tool could produce the exact text that should be copied (including its own implementation of "~snip~"), calculate the hash of the quoted message, and the source/reference of the message, and store this information in a forum database table (that is indexed by message ID). As long as the hash of the quote and message source match, the quote could be shown as verified.

So the original message would not need to be checked every time the new post is displayed. This would account for any possible issues regarding someone editing their post, breaking the quote verification. Although there could be a message displayed if a quoted message has changed since the verification request was generated.

This would basically mean implementing an (over)complicated editor that can handle the quotes like this. I hope that you don't realistically expect that users will use other (external?) tools for this purpose.
I don't have hopes for such an editor getting implemented. I think that getting the new forum running/live even without such a feature is more important. That's why I've proposed only something simple.

Of course, if somebody has the time and willingness, sky is the limit, and then we can probably have an editor that handles the quotes, have notification if the quoted post was edited, have versions of the quoted post (for various uses, including the use for correctly showing/handling older quotes)... but, again, I don't realistically expect this come to life.
The forum already implements something very similar via the quote button -- the button just quotes the entire message, and doesn't save the quote to the database (unless you post the quote, but if so, it would be saved as part of your post). To implement what I proposed, the current editor would need to be upgraded to take which parts of a message should be copied as an additional input.
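
The two proposals in this thread, worked through as an added Python example that is not code from any poster, from Epochtalk or from the forum software: the server rebuilds a partial quote from the removals the client reports and inserts the disclosures itself, then stores the hashes in a table indexed by message ID so that later displays only compare hashes. The function names, the in-memory table, the status strings and the 0-based, end-exclusive index convention are assumptions of this sketch; the sample post is the one used in the thread.

```python
import hashlib

MARK = "<[{n}]>"
NOTE = "[{n}]- Forum disclosure - a portion of this line was removed"
QUOTE_TABLE = {}  # assumed stand-in for a DB table indexed by message ID


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_quote(original, removals):
    """Rebuild, server-side, the quote the client editor should have produced.

    removals: (line, None) drops a whole line; (line, (start, end)) drops
    the characters line[start:end] and leaves a numbered disclosure marker.
    """
    lines = original.split("\n")
    whole, spans = set(), {}
    for idx, span in removals:
        if not 0 <= idx < len(lines):
            raise ValueError("line index out of range")
        if span is None:
            whole.add(idx)
            continue
        start, end = span
        if not 0 <= start < end <= len(lines[idx]):
            raise ValueError("character range out of range")
        spans.setdefault(idx, []).append((start, end))
    out, notes = [], []
    for i, line in enumerate(lines):
        if i in whole:
            out.append("")  # a removed line stays as a blank line
            continue
        pieces, pos = [], 0
        for start, end in sorted(spans.get(i, [])):
            if start < pos:
                raise ValueError("overlapping ranges")
            notes.append(NOTE.format(n=len(notes) + 1))
            pieces.append(line[pos:start] + MARK.format(n=len(notes)))
            pos = end
        out.append("".join(pieces) + line[pos:])
    return "\n".join(out + notes)


def register_quote(message_id, original, removals):
    """Store hashes of the source and of the server-built quote."""
    quote = build_quote(original, removals)
    QUOTE_TABLE.setdefault(message_id, []).append(
        {"source": sha256_hex(original), "quote": sha256_hex(quote)})
    return quote


def check_quote(message_id, posted_quote, current_original):
    """Classify a posted quote without re-deriving it from the source."""
    digest = sha256_hex(posted_quote)
    for rec in QUOTE_TABLE.get(message_id, []):
        if rec["quote"] == digest:
            if rec["source"] == sha256_hex(current_original):
                return "verified"
            return "verified, source edited since"
    return "unverified"


# Sample post taken from the thread; indexes are 0-based, end-exclusive.
ORIGINAL = "\n".join([
    "This is an important line.",
    "This is an unimportant line.",
    "This is an important line.",
    "This is an important sentence. This is an unimportant sentence. This is important.",
    "This line is important.",
])
REMOVALS = [(1, None), (3, (30, 63))]
```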