Topic: Checksum verification for quoted messages/posts (Read 1794 times)

One can just as easily change the addy and the hash. Not really any different from how things currently are done.

Glad to see the BSV community is taking interest in signing messages though better later than never I guess

You can sign every message on bitcointalk with a bitcoin address. And all your messages will be securely protected

For example:

Hopefully, once they get this feature completed, theymos can start using the new forum software.

This is more helpful, thank you!

What you describe makes sense to me as a mod tool, I would have much less concerns with that, and would not have concerns of a github style system that took a user to all the edits/modifications (this would be great).. unless you start allowing users to light up snips of quotes as green and 'verified' by the forum, then I think there are too many negative consequences from something like that, which seemed to be where this discussion was heading. I do still think performance would end up a problem on a forum like bitcointalk, but maybe? less problematic as a mod only tool... still seems like a decent amount of extra work per post/edit/etc.

I assume during one of the meetings they had with theymos



I don't see those that relevant anymore...
Most of them are implemented and things like "Feature Parity with SMF forums" and "Build a complete installation and onboarding process" are things that should come without saying.


Some of the issues on github were submitted my myself and other members of the community who tested the epochtalk environment on coinbistro.com like Veleor, for example. Some of them might already be solved in the VueJS branch. Did not test that one yet but by looking at the commits they seem to be on the final stretch regarding the frontend.

Besides those submitted issues I'm pretty sure they discussed with theymos some other features as well and also a certain implementation of this topic's main idea. From what I remember they were talking at some point to have a versioning option, similar to github commits for edited posts. Though available for mods if I remember correctly. From this there's just one more step to some user available info...

For me, it's not worth much unless you can show where it was discussed and what was involved in the discussion.

Has anyone gotten an answer on why they removed the planned features list?  When do we get to see the 'rewrite'?

EDIT: I'm assuming this list is the most recent? which appears to show some of the older planned features, but I don't see anything related to what is being discussed in this thread?

FWIW the guys working on Epochtalk told me that this is a planned feature that was previously discussed.

Not sure if it will be actually added or how exactly it would work but nice to know it was/is taken into account  

Maybe you’re not familiar of my situation with a member Vod? He spent years attacking me with lies and posting false information all because he misread a PM and made assumptions that when he discovered his idiocy he chose to lie and attack instead of admit his mistake. No administrator or moderator was any help in bringing the truth to light and chose to blame the victim and urge forgiveness of the liar. Being able to show that I was posting real quotes and Vod was lying might have saved this community a massive drama that ultimately led to Vod not being able to post here anymore and a lasting suspicion around me for being attacked with lies by a crazy person.

So if critical reading skills could have helped avoid that situation then users with critical reading skills here are in short supply.

I mean it would be a cool feature notwithstanding that I personally have never seen a case where this could have prevented anything. Critical reading skills should prevent people from getting away with misquoting people, and lying about the contents of dms (or denying the existence thereof) would just cause a standoff where one party would look silly after theymos or any moderator? checks their PMs.

I'm guessing this might not happen in low-profile cases which I imagine would be the only reason something like this might be useful, but really in 99% of the cases it is immediately obvious who's the scammer and who's the actual affected party. And again, if it turns out to not be that simple I imagine it would not be that hard for a mod to check the pms manually.

I think the threat alone of an admin checking the actual contents of a pm would already make manipulation with on-site communication (pms) fairly unattractive, especially for more senior users. And really, wouldn't such a feature just cause a shift to other messaging apps like Telegram? Hard to see what exactly would be solved.

Perhaps development efforts would be better spent on finally making it look like this forum didn't come straight out of 2007, and more like their modern counterparts.

*shrug*

I would beware of any user who thinks that verification of private messages is a bad idea...  Checksums aren't some crazy idea that takes a ton of resources if implemented properly.  A checksum of an entire message would also eliminate the possibility of anything being cherry-picked as if you understand how checksums for an entire message could work and require the entire message to be quoted in order for it to be validated.  Think of it like validation of a PGP signed message.  I would beware anyone who thinks this is a bad idea.  

Perhaps it could also enable another feature of private communications, where a user could check a box to send a PM as private and therefore couldn't be verified as a legitimate quote publicly.  Users could even decide if they are willing to accept private communications or not.  Maybe these could even be features reserved for higher level members.

^  It appears QS wants to send the index of the text itself (position of the beginning character of text), and I presume the ending index of whatever is being quoted... and then wants the server to verify the contents of what is being sent and provide its approval.. and also hash it for some reason?.. Why?.. not sure.

When the 'original' what is not available?  user?  PM?... You've already stated the PM has to stay and exist to be verified, and even went as far as to say the PM could no longer be deleted once quoted. So I'm not sure what this PM verification idea is correcting when you say this 'removes the uncertainty of PMs when the original is not available'. Makes no sense to me.


You're not addressing the fact that someone can cherry-pick a comment from someone's message and make it "verified" by the forum, while spinning a story about what that cherry-picked comment is about. This will give the impression that the forum is verifying the perception being put out by whoever is cherry-picking the quote and saying what it was about. IMO, it adds weight/value to a poster that the forum shouldn't be adding into a situation like this.

The person being smeared better also hope they saved their copy of the message, or they cannot even defend themselves with their own version of a 'verified' message explaining the out-of-context quote.

Let's not mention the fact that this type of smearing could also happen in PMs behind-the-scenes where nobody could ever defend themselves on snips of things they have said privately which would be getting misconstrued to others.

Hell, all of those "impersonator" accounts (or alts, who knows..!) are going to have a great time with this feature self-verifying their own messages from their newbie impersonator accounts with very similar names/special characters, so they can scam more people.

I could keep going, but it's counterintuitive for me.. and this is seemingly a waste of time. <- edit: To clarify, I'm referring to my time here, not that the idea itself is a waste of time. I just see it as a double-edged sword, with the worse-case side sharper than the other, so-to-speak. (especially if the intent is to use QS's aforementioned blueprint.)

Wish you all the best on the idea though!

What exactly do you mean by "the index of the text" ? hash ?


How do you propose to use hashes (I guess this is what you mean) for pieces of text ?

If you did the above, it would be clear that text was removed because there would be disclosures saying that text was removed.
Instead of the index's of the text that are removed being sent back to the server, the index's of BB code could be sent back to the server. There could be rules such as if a quote header is removed, the entire inner quote must also be removed.

I seriously doubt it can work like that tbh...

Perhaps there can be a new "quick quote" option. You just select the required text (the selected text would be non editable and would not allow to skip words from block... so from "I am sure I found a scammer" one cannot select just "I am a scammer") and after it you can write the reply.
Something like this: https://github.com/epochtalk/epochtalk/issues/878

Only thing is it would not work with multiple quotes in the same post...

Sounds cleaner and perhaps doable. Simple implementations would have a higher change of (eventually) being added 

It could be implemented as follows:
*Server sends the entire post to the client
*The end user edits the quote, removing the unwanted text. The client editor will automatically add in required disclosures
*The client sends to the server the index's that are to remain in the verified quote
*The server calculates the hash of the message based on the portion of the message that is to remain, plus any rules regarding disclosures that need to be inserted when a portion of a text is removed.

As an example, the following post could be quoted:
The above post could be edited to:
The original post could be seen as a 2D matrix.
When the client sends the post back to the server, it could send the following information:
The server could take the original post being quoted, and the response from the client to create what the client should have created. If someone were to modify something on the client side, the post will not verify.

Cookies can store a lot of stuff but BBCode is not one of them (as far as I know). So even if I did not take into account if this would be resource hungry and how much, it would most likely be done server side.

Coding an app is pretty easy, if you know what you are doing. Adding all the restrictions so it only functions as expected is the hard part most of the times.

We have several community projects like loycev.club and ninjastic.space to check quotes. And for all intents and purposes they can be trusted 99% of the time.

For PMs though a verification is doable IMO. Less corner cases, a bit more straightforward and significantly more manageable for the servers.

Verified quotes could be drafted on the client side, and the client could tell the server the portions of the message that are being quoted so it can verify its authenticity.

That is ridiculous. People post PMs and quotes of posts all the time. There are frequently questions regarding the authenticity of quotes when the original is not available. PM verification would remove that uncertainty.

The status quo is that someone can claim something was said via PM, and the person being accused can stay silent to pretty much guarantee they will come out unscathed. Mods rarely get involved in scam accusations, unless there are large amounts, or a lot of victims involved. If you can prove a PM was sent or received, you can trivially prove you have been scammed via PM.

If you are posting a verified PM, you are either the person who sent the PM or the person who received the PM. The PM would be public, so there would really be no reason to delete the PM. If a PM has been "verified", it would probably be a good idea to disallow the deleting of that PM.

Odd. You all don't see any potential resource/performance issues here? Considering client-side would be a bad idea, this would be happening server-side to all posts/PMs.. using PHP or JS tools?

I believe I've seen theymos decide against things that would consume less resources than this idea would, while citing resources/performance as a reason.

Regardless of resources, verifying cherry-picked quotes is not something the forum should ever support because of some of the .. *uhm* snakes *uhm*.. around here, who like to pull things out of context and lie about others to smear their reputation. If you really think a feature like this is needed, which I don't, it should *at least* be done with only the entire contents of a message, or nothing at all... even then, full messages can be taken out of context over the course of a discussion as well.

While I'm sure having the forum "verify" cherry-picked quotes is something that would give a few people in this thread a boner, it also gives the false impression that the forum is supporting/verifying whatever that user may be falsely claiming about a cherry-picked quote, which could be completely pulled out of context.

On top of this, what happens when a PM is deleted by both users?... do we now have to keep the hashes of deleted PMs to verify, forever?... if not, 6 months after the verification has happened when someone goes back and edits the post that had quoted a "verified" [now deleted] message, modifies it, and hits 'save'.. what then?

I don't think it is a good idea and will not be implemented anytime soon, and I really don't see an overwhelming need for it at this point.. more harm than good seems to come from it.

The forum already implements something very similar via the quote button -- the button just quotes the entire message, and doesn't save the quote to the database (unless you post the quote, but if so, it would be saved as part of your post). To implement what I proposed, the current editor would need to be upgraded to take which parts of a message should be copied as an additional input.

This would basically mean implementing an (over)complicated editor that can handle the quotes like this. I hope that you don't realistically expect that users will use other (external?) tools for this purpose.
I don't have hopes for a such editor get implemented. I think that getting the new forum running/live even without such a feature is more important. That's why I've proposed only something simple.

Of course, if somebody has the time and willingness, sky is the limit, and then we can probably have an editor that handles the quotes, have notification if the quoted post was edited, have versions of the quoted post (for various uses, including the use for correctly showing/handling older quotes)... but, again, I don't realistically expect this come to live.

This would be possible to implement, even if someone wanted to quote part(s) of a post.

A person who wants to quote part of a post (or PM) could tell a tool which parts of the post (or PM) that he wants to quote, the tool could produce the exact text that should be copied (including its own implementation of "~snip~"), calculate the hash of the quoted message, and the source/reference of the message, and store this information in a forum database table (that is indexed by message ID). As long as the hash of the quote and message source match, the quote could be shown as verified.

So the original message would not need to be checked every time the new post is displayed. This would account for any possible issues regarding someone editing their post, breaking the quote verification. Although there could be a message displayed if a quoted message has changed since the verification request was generated.

Ideally it would be optional for both forum posts and private messages, but with unverified private messages being accompanied with some sort of warning.

To be fair mprep's mentioned option also sounds nice:


If you want to quote part of a post you can do it the same way you do it now, but it you want to show you did not edit the post you could use [>>21856705] or similar and the whole post will be quoted and title of the quote turns green. So it would NOT just show >>21856705

Also helpful for cases where the post is deleted afterwards and someone quoted it for reference. And if it's edited you can have 2 or more "green quotes", because it matched the post at the time of writing. Should not be too problematic I guess...

---

After a quick smoke I thought of tons of corner cases and sounds really troublesome to make this for posts. If it gets implemented I see it for PMs only...

For example:

User A makes a post
User B quotes him and checksum OK
User A edits his posts
User B edits his post and checksum is now NOT OK ?!

And what happens when one quotes only a part of the post?
Or, even worse, what happens when one quotes an noncontinuous part of the post? (uses ~snip~ or similar)

I mean that it could be interesting as feature, but I don't think that it can be implemented correctly.
And maybe one easy way would be to just add a link/script that creates a popup so one can check for himself the original post and compare. (And yes, I said easy way, not perfect).

What a great and simple way to put my idea into use.  Thanks for posting this.  I like this implementation.  It's simple to see and if you weren't aware of it or cared, it isn't in any way disruptive.  When I think about how much money could have been saved from users falling victim to MITM scenarios with this feature, it makes me feel like this should be a fairly important feature that should be implemented either on this forum, or the new one.  It seems like so many of the recent forum changes have centered around turning users against each other as they compete for merit and trust, it would be nice if a feature was put in place to help protect those that need protecting instead of empowering users who advertise services to launder money for successful scammers.

Interesting feature !
I indeed see it working mainly with PMs because posts can be edited and if it's a longer post it would be modified (shortened) anyways.


And when the checksum verifies show the title green like links:


I can see it's utility...

Did you know that in qunatity like this direct string comparation with evaluation of character change like on github is more suitable implementation? It doesn't do more harm on processor to multiply one character of a string to compare on, literally checksuming is faster when you have to compare checksums of checksum of chceksum, otherwise it's pairwise more efficient if you can fit into L1

I want to know how my posts are posted and monitored. Those articles are of interest to anyone. Readers will find it useful or not. Should there be clear rules for posting?

I would agree with you. I have had a friend who almost fell for a scam this way. This had happened some time ago and I can't recall the specific details.
I do remember however that the trade was meant to go down between 3 people, and the scammer created false quotes in the name of the second person as if they had written to them. Then these quotes were sent to my friend. Before he sent any funds, he contacted the first person just to verify things, only to then find out that he had been completely fooled by the details of the trade.

While it is a good idea, I do think that it would be too much of a hassle to introduce and maintain, and won't reduce the amount of scamming that is happening on this forum. However, I may be wrong.  

EDIT: An example of this

You can't preview the quote content without opening up the page the post is on though.

No, we can't.  You can take a PM quote from someone and change the quoted text, then forward it to someone else.  This is the type of scenario that would benefit from a method of validation.  

>>21856705
We can already do that. We don't, though, because just look how stupid it is. How is it even supposed to solve anything?

AFAIK theymos wanted to have quotes replaced with references to posts (something like what 4chan or similar image boards have) in the new forum software.

Users can currently send/post incorrectly quoted messages to assist in scams or discredit other users.

This could be addressed by having a hash generated based on the content of a message, and then a checksum implemented to reject invalid quotes from being sent/reposted.