Author

Topic: How Secure is BitcoinTalk? (Read 587 times)

full member
Activity: 1638
Merit: 122
May 17, 2018, 06:35:24 PM
#35
If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

is it really possible to place an image - even an invisible image - that works like the traking things that are sent via e-mail? the images that services like mailchimp uses.

edit. sorry, i should have read the second page too before asking this question.

Yes it is really possible to post images as long as your current rank allows it. junior member and up is the ideal minimum rank that can be able to do it.

I forgot , copper members  that pays for membership is also another rank that can be able to allow images on their post.

And about the ip address thing , i dont thing any of us is concerned about it. ip address isnt really accurate because some of us are using a vpn or a virtual private network in order to browse the forum, so i think it is still pointless to trace the user.

Bitcointalk.org  is now verry secure because the forum has upgraded its security lately after the hacking had occur.
sr. member
Activity: 840
Merit: 375
May 17, 2018, 03:35:56 PM
#34
This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.
What exactly is a bitcoin ban? I am probably assuming the ban from this forum? Also do explain your last point.
A Bitcoin ban means (In my case) that holding/transacting Bitcoin is illegal and could be punishable by law (fines and penalties) if caught.
legendary
Activity: 1498
Merit: 1117
May 17, 2018, 02:40:54 PM
#33
If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

is it really possible to place an image - even an invisible image - that works like the traking things that are sent via e-mail? the images that services like mailchimp uses.

edit. sorry, i should have read the second page too before asking this question.
staff
Activity: 3304
Merit: 4115
May 17, 2018, 09:11:21 AM
#32
-Thank you theymos for the clarification,I really appreciate that.
I also hope that you will implement the public-key-registration system in the near future as I'm sure alot of people living in countries banning crypto are also worried about tracks they leave behind them please don't forget us.I'm a bit more reassured atleast not all actions leave permanent IP record

-Correct me if I wrong but I don't think that Tor having nodes backed by the NSA would cause a lot of troube to users as a node can't directly link to your real IP unless all the nodes your tor client picked are backed by the NSA

You would be correct.

The more end nodes you control in the network the more likely you are to control all the nodes in a circuit. If the NSA or any entity for instance controlled all nodes within the circuit you are using then they would be able to determine the IP that you use. This is why more nodes means more security, because it's more unlikely for one entity to control all the nodes. Although, with the spending power, and resources of someone like NSA there are concerns from a select few.

This probably isn't too much of a concern for someone who's accessing a forum that they aren't suppose too, but it's quite well known that journalists use the Tor project to communicate with "whistleblowers" and the like, and you can imagine why the government would want to listen into these. The motives are there, but I'm skeptical of how much of a problem it really is.

If you want extra protection some people connect to Tor via a VPN. Then you have to trust that VPN provider.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
May 16, 2018, 06:29:26 PM
#31
If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

Try it and see how many IPs you get...
What I understand from this is, It's not gonna work. So seems like we are safe.


Update:
Ok seems like I have missed this from shahzadafzal.
Actually Theymos is pointing out that it's not possible anymore. bitcointalk is using image proxy which prevents any request being forwarded to the source directly from client's browser.

If you haven't notice all [img] tages are replaced like, so you will not get IP Address of the user but all requests will be coming from bitcointalk's image proxy server.

Code:
https://ip.bitcointalk.org/?u={url}

I seriously think, bitcointalk should enable Image caching on proxy server, currently it looks like caching is not enabled or used that's why we don't see any image for few [5+] seconds.
legendary
Activity: 2383
Merit: 1551
dogs are cute.
May 16, 2018, 06:07:29 PM
#30
This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.
What exactly is a bitcoin ban? I am probably assuming the ban from this forum? Also do explain your last point.
sr. member
Activity: 840
Merit: 375
May 16, 2018, 04:11:34 PM
#29
Your mental model should always be that the forum logs everything, especially since it is behind Cloudflare, which is almost certainly an NSA-backed operation. But here is some more detail. Currently there are four classes of IP logs:
 - Every time your session refreshes (about every 10 minutes while you are browsing the site), your current IP is momentarily logged. This is only kept until a new such entry replaces it, except that whenever the daily database backup happens, the current value will be captured and then possibly kept for a long time.
 - A tuple (time, userID, ip) is logged whenever you view a forum ad in order to produce ad stats. These are kept for only a few weeks, and are not backed up.
 - Every HTTP request creates an access log, but while these contain IPs, they do not contain user IDs, and so on the whole they probably cannot be provably associated with users. These are usually deleted after a few months, and are not backed up.
 - Certain actions trigger a long-term IP log. This includes posts (but not PMs), security-log entries, certain errors, and registration. Long-term logs are currently kept indefinitely.

I don't like that IPs are sometimes kept indefinitely. To prevent abuse, it would probably be sufficient to keep them for ~6 months. But keeping these logs long-term is extremely useful for account recoveries. I've been thinking about this issue, and I think that in the future I might let users opt out of long-term IP logging if they have a public key registered in a (currently-not-existing) public-key-registration system. Though, again, even then you should model this site and all sites as keeping complete logs.

Unless I am somehow required to do so by law (though I can't see how in this case), I will not assist police who are seeking to enforce any Bitcoin ban.

If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

Try it and see how many IPs you get...
This is what I like about you. a true rebel.

This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.

Would you ban my country's IP from accessing this forum if there is a court order? I'm not talking about crime related bans, just a pure access to information? if so then how would you suggest to avoid this?

Not to mention that you supporting Bitcoin is equal to be a rebel where I come from.
-Thank you theymos for the clarification,I really appreciate that.
I also hope that you will implement the public-key-registration system in the near future as I'm sure alot of people living in countries banning crypto are also worried about tracks they leave behind them please don't forget us.I'm a bit more reassured atleast not all actions leave permanent IP record

-Correct me if I wrong but I don't think that Tor having nodes backed by the NSA would cause a lot of troube to users as a node can't directly link to your real IP unless all the nodes your tor client picked are backed by the NSA
staff
Activity: 3304
Merit: 4115
May 16, 2018, 08:26:11 AM
#28
Would you ban my country's IP from accessing this forum if there is a court order? I'm not talking about crime related bans, just a pure access to information? if so then how would you suggest to avoid this?
Even if the unlikely scenario happened you could use a VPN/Tor browser to access the forum, and that's how you would avoid it. Even if theymos did receive a court order to restrict certain countries from accessing the forum he would likely be able to argue that it's down to the users if they break the law in their jurisdiction, and therefore isn't down to him. Cour
copper member
Activity: 1330
Merit: 899
🖤😏
May 16, 2018, 05:57:57 AM
#27
This is what I like about you. a true rebel.

This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.

Would you ban my country's IP from accessing this forum if there is a court order? I'm not talking about crime related bans, just a pure access to information? if so then how would you suggest to avoid this?

Not to mention that you supporting Bitcoin is equal to be a rebel where I come from.
staff
Activity: 3304
Merit: 4115
May 16, 2018, 04:28:53 AM
#26
The member's table has leaked at least once, and the forum has been hacked multiple times. Your registration IP address and your last recorded IP address as of when the members table leaked is more or less public information now. An unknown amount of additional information from the other hacks is potentially essentially public information as well.
I'm well aware that to be the case, but the OP registered well after the known database leak which I believe was in mid 2015. This is also why I mentioned it's not much of a big deal due to most IPs would have changed by now as you said here:
a user's IP address will have changed after several months (and to a much greater extent, after multiple years) anyway.   

First of all, I admire you for having the guts to continue engaging with crypto and also for not feeling discouraged at all despite the fact that it is banned in your country. At the same time, I'm a little bit worried to you because you may possibly punished by the law if ever you are proven guilty.

I'm not a total geek about computer stuffs but what I can suggest you is to use a VPN to hide your IP because that makes you anonymous everytime you will access the internet. I hope it helps.
This is also generally bad advise. Just because you are using a VPN doesn't mean you can trust those behind it, especially when confronted by a government authority they may release the information without even putting up a fight.

No log VPNs are good practice, but even these in the past have been caught keeping logs. Even, if you use Tor Browser there's speculation that a lot of the end nodes are actually NSA owned.
full member
Activity: 1232
Merit: 186
May 16, 2018, 03:11:30 AM
#25
First of all, I admire you for having the guts to continue engaging with crypto and also for not feeling discouraged at all despite the fact that it is banned in your country. At the same time, I'm a little bit worried to you because you may possibly punished by the law if ever you are proven guilty.

I'm not a total geek about computer stuffs but what I can suggest you is to use a VPN to hide your IP because that makes you anonymous everytime you will access the internet. I hope it helps.
copper member
Activity: 1526
Merit: 2890
May 16, 2018, 02:33:25 AM
#24
Try it and see how many IPs you get...

I haven't  looked into the programming required for this, as individual IPs are of no interest to me. View counts and referring URLs are about as far as I want to go.

Actually Theymos is pointing out that it's not possible anymore. bitcointalk is using image proxy which prevents any request being forwarded to the source directly from client's browser.

If you haven't notice all [img] tages are replaced like, so you will not get IP Address of the user but all requests will be coming from bitcointalk's image proxy server.

Code:
https://ip.bitcointalk.org/?u={url}

I seriously think, bitcointalk should enable Image caching on proxy server, currently it looks like caching is not enabled or used that's why we don't see any image for few [5+] seconds.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
May 16, 2018, 02:11:18 AM
#23
If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

Try it and see how many IPs you get...

I haven't  looked into the programming required for this, as individual IPs are of no interest to me. View counts and referring URLs are about as far as I want to go.
copper member
Activity: 2996
Merit: 2374
May 16, 2018, 01:01:59 AM
#22
If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.
This was actually done many years ago, many people viewed this person to be a scammer as a result. The forum currently uses an image proxy that makes this attack useless.


Only administrators can see your IP address.
The member's table has leaked at least once, and the forum has been hacked multiple times. Your registration IP address and your last recorded IP address as of when the members table leaked is more or less public information now. An unknown amount of additional information from the other hacks is potentially essentially public information as well.

Long-term logs are currently kept indefinitely.
I would advise against this.

Over time, you will inevitably lose some of this information for a variety of reasons, and you can potentially be in legal trouble if you are unable to produce specific information you say you retain indefinitely, especially if you are close to the person.

I would suggest, as an alternative to instead either retain the name of the person's ISP, geolocation data, or truncated IP address (or a combination thereof) over the very long term. This is likely what you essentially will use for things like account recovery anyway and in most instances, a user's IP address will have changed after several months (and to a much greater extent, after multiple years) anyway.   
administrator
Activity: 5222
Merit: 13032
May 16, 2018, 12:13:11 AM
#21
This is what I like about you. a true rebel.

This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.
copper member
Activity: 1330
Merit: 899
🖤😏
May 15, 2018, 10:38:39 PM
#20
I will not assist police who are seeking to enforce any Bitcoin ban.

This is what I like about you. a true rebel.
administrator
Activity: 5222
Merit: 13032
May 15, 2018, 07:03:03 PM
#19
Your mental model should always be that the forum logs everything, especially since it is behind Cloudflare, which is almost certainly an NSA-backed operation. But here is some more detail. Currently there are four classes of IP logs:
 - Every time your session refreshes (about every 10 minutes while you are browsing the site), your current IP is momentarily logged. This is only kept until a new such entry replaces it, except that whenever the daily database backup happens, the current value will be captured and then possibly kept for a long time.
 - A tuple (time, userID, ip) is logged whenever you view a forum ad in order to produce ad stats. These are kept for only a few weeks, and are not backed up.
 - Every HTTP request creates an access log, but while these contain IPs, they do not contain user IDs, and so on the whole they probably cannot be provably associated with users. These are usually deleted after a few months, and are not backed up.
 - Certain actions trigger a long-term IP log. This includes posts (but not PMs), security-log entries, certain errors, and registration. Long-term logs are currently kept indefinitely.

I don't like that IPs are sometimes kept indefinitely. To prevent abuse, it would probably be sufficient to keep them for ~6 months. But keeping these logs long-term is extremely useful for account recoveries. I've been thinking about this issue, and I think that in the future I might let users opt out of long-term IP logging if they have a public key registered in a (currently-not-existing) public-key-registration system. Though, again, even then you should model this site and all sites as keeping complete logs.

Unless I am somehow required to do so by law (though I can't see how in this case), I will not assist police who are seeking to enforce any Bitcoin ban.

If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

Try it and see how many IPs you get...
sr. member
Activity: 840
Merit: 375
May 15, 2018, 02:47:45 PM
#18
I would strongly suggest the OP learn to conceal his true identity for all sites dealing with Crypto.  If you live in a place where you go to jail for using Crypto trust no website.  Theymos runs a decent place but the authorities can force owners/Admins to comply.  It has happened before here.  Going back a few years some PM's were required to be given and the users smart enough to have GPG'd their messages were fine, while others communicating in plain text had a harder time.  My point is not that Theymos is lacking in OPSec, but that YOU should maintain your own security.  If Theymos gave "THEM" absolutely everything his has on me they would have NOTHING.  Get it?  If I were going to make a site specific suggestion, I don't like the current sign in because the passwords are exposed (security wise).  In a perfect world we would have U2F and then I could change my now exposed password and associated email account to this username.
Yeah,that's what I learned from this,thanks.But as I said if IPs are recorded from the beginning it's too late now to conceal my identity.
Meh, what a feeling to live in a third party world..
Thanks everyone.
hero member
Activity: 761
Merit: 606
May 15, 2018, 02:37:20 PM
#17
I would strongly suggest the OP learn to conceal his true identity for all sites dealing with Crypto.  If you live in a place where you go to jail for using Crypto trust no website.  Theymos runs a decent place but the authorities can force owners/Admins to comply.  It has happened before here.  Going back a few years some PM's were required to be given and the users smart enough to have GPG'd their messages were fine, while others communicating in plain text had a harder time.  My point is not that Theymos is lacking in OPSec, but that YOU should maintain your own security.  If Theymos gave "THEM" absolutely everything his has on me they would have NOTHING.  Get it?  If I were going to make a site specific suggestion, I don't like the current sign in because the passwords are exposed (security wise).  In a perfect world we would have U2F and then I could change my now exposed password and associated email account to this username.
staff
Activity: 3304
Merit: 4115
May 15, 2018, 02:29:47 PM
#16
Only dynamic IP changes not the static one.And the dynamic one can forward to the static one so it's not a big deal.
Meh,since now more and more countries are banning Bitcoin/Cryptocurrency , theymos should atleast give some informations on how bitcointalk deals with these kind of requests if they are ever made by the authorities.
People also change ISPs and thus their IP changes. I was referring it not being a problem too much for the ones that were leaked if someone has changed providers not particularly you.



 
See? That's what I'm talking about. This kind of glitch shoundn't be there.

If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

This has happened before, and isn't allowed. See: https://bitcointalksearch.org/topic/tracking-pixels-split-from-mike-hearns-blacklist-thread-341146
Rauol Duke who was a member of the staff at the time removed it, and we can only assume that this isn't tolerated and these sort of things are checked.

See the discussion for ways to avoid this through extensions. E.g Request Policy You are also susceptible to this sort of breach of privacy anywhere you visit. For example, if someone posted a link of a image on Reddit/r/Bitcoin and, you viewed it.  It would require the person to actually own the website, and have the image hosted on their server. Therefore, they are pretty easy to identify, and as long as you have some sort of protection like requestpolicy (discontinued) you are fine. For example, uMatrix is pretty good especially when used in conjunction with uBlock. Although, it can make some ugly viewing at default settings you can whitelist/blacklist what you want.
sr. member
Activity: 840
Merit: 375
May 15, 2018, 02:24:43 PM
#15
I'm trying to find a particular post which explained when a IP is logged. I do believe it was when registering, sending a PM or posting on the forum. I believe there's a log kept for every single one of these, but may be deleted over time. (probably not the initial registered recorded IP)

When the server was compromised back in 2015, the hacker had access to users registered IP, and last used IP. Therefore, I think it's safe to assume that the registration IP is always kept in the database. However, peoples IPs change so it isn't that big of a deal.

Although, I doubt that any country would forbid one for signing up to a discussion forum about Bitcoin. Barring your activities on the site it isn't likely going to go against you if all you've done is participated in discussion.

I really think that theymos  has to be more transparent about how user's sensitive informations are dealt with.
It's not like he's waving it around it public though, and only releases information on a person if he believes they are guilty, and the authorities have provided enough reason to do so. (like any server owner)

Plus, at the moment there hasn't been a database leak since you registered so your IP is currently not public as only admins can see it.
Edit:Especially that when registering with a public proxy from tor or a VPN,you have to pay a fee for it.


The unit of evil system is transparent:
Q: Why is my IP banned? What are those units of evil?
A: Your IP might be banned because it was used by a user that got perma banned. Don't worry - IP bans decay over time if there's not too many of them during a small period. If you register using a banned IP, are using TOR, VPNs or well known proxies, you will have to pay a small fee. This is to prevent spammers while allowing legitimate members to post without many restrictions.


That's included in mpreps stickied Unofficial list of (official) Bitcointalk.org rules, guidelines, FAQ theymos has also spoken about it before:
When you register, the IP that you used when you submitted the registration form is used to calculate your evilness. The more frequently this IP or its neighbors were banned, the more evil is associated with your account. The amount of evil associated with an IP decays slowly over time, but the amount of evil associated with an account does not. You must pay or be manually whitelisted to enable posting on one of these "banned" accounts.

Here are some stats:

Evil% new users
053
0-135
1-104.4
10-200.80
20-502.2
50-1001.3
100+2.9

Currently each unit of evil requires a payment of 4023 satoshi. You only need to pay something if you have 1 or more, though.
Only dynamic IP changes not the static one.And the dynamic one can forward to the static one so it's not a big deal.
Meh,since now more and more countries are banning Bitcoin/Cryptocurrency , theymos should atleast give some informations on how bitcointalk deals with these kind of requests if they are ever made by the authorities.

If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.
See? That's what I'm talking about. This kind of glitch shoundn't be there.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
May 15, 2018, 02:21:32 PM
#14
If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.
staff
Activity: 3304
Merit: 4115
May 15, 2018, 02:04:12 PM
#13
I'm trying to find a particular post which explained when a IP is logged. I do believe it was when registering, sending a PM or posting on the forum. I believe there's a log kept for every single one of these, but may be deleted over time. (probably not the initial registered recorded IP)

When the server was compromised back in 2015, the hacker had access to users registered IP, and last used IP. Therefore, I think it's safe to assume that the registration IP is always kept in the database. However, peoples IPs change so it isn't that big of a deal.

Although, I doubt that any country would forbid one for signing up to a discussion forum about Bitcoin. Barring your activities on the site it isn't likely going to go against you if all you've done is participated in discussion.

I really think that theymos  has to be more transparent about how user's sensitive informations are dealt with.
It's not like he's waving it around it public though, and only releases information on a person if he believes they are guilty, and the authorities have provided enough reason to do so. (like any server owner)

Plus, at the moment there hasn't been a database leak since you registered so your IP is currently not public as only admins can see it.
Edit:Especially that when registering with a public proxy from tor or a VPN,you have to pay a fee for it.


The unit of evil system is transparent:
Q: Why is my IP banned? What are those units of evil?
A: Your IP might be banned because it was used by a user that got perma banned. Don't worry - IP bans decay over time if there's not too many of them during a small period. If you register using a banned IP, are using TOR, VPNs or well known proxies, you will have to pay a small fee. This is to prevent spammers while allowing legitimate members to post without many restrictions.


That's included in mpreps stickied Unofficial list of (official) Bitcointalk.org rules, guidelines, FAQ theymos has also spoken about it before:
When you register, the IP that you used when you submitted the registration form is used to calculate your evilness. The more frequently this IP or its neighbors were banned, the more evil is associated with your account. The amount of evil associated with an IP decays slowly over time, but the amount of evil associated with an account does not. You must pay or be manually whitelisted to enable posting on one of these "banned" accounts.

Here are some stats:

Evil% new users
053
0-135
1-104.4
10-200.80
20-502.2
50-1001.3
100+2.9

Currently each unit of evil requires a payment of 4023 satoshi. You only need to pay something if you have 1 or more, though.
sr. member
Activity: 840
Merit: 375
May 15, 2018, 01:36:00 PM
#12
Only administrators can see his IP address unless the data is compromised yes. However, there are some "tricks" if someone wants your IP, but if you are targeted and someone really wants your IP, you just need to not make yourself a target...

If you are really concerned with your IP, buy a  VPS, make your own VPN. You need maybe 30 minutes and can find some cheap deal on LowEndBox for $15 per year

I just wanted to bring this topic back as I have some few other questions.

---------------------------------------------------------------------------------------------------------------------
The problem is,even using a VPN right now,it won't be of any help since the forum has probably recorded my residential IP before (When I registered for example)
I really think that theymos  has to be more transparent about how user's sensitive informations are dealt with.

Edit:Especially that when registering with a public proxy from tor or a VPN,you have to pay a fee for it.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
January 27, 2018, 08:51:15 PM
#11
Not very. There were several (2+) incidents of hacking around here and some of those compromised password hashes and IP addresses. It is not impossible to gain access to servers, no matter how secure it appears to be. There's only so many precautions you can take when your server is supposed to serve the whole world.

If you value your privacy, view every website as if they are insecure.
copper member
Activity: 434
Merit: 278
Offering Escrow 0.5 % fee
January 27, 2018, 08:00:47 PM
#10
Even if cryptocurrency isn't banned in my country I still use vpn I just don't know if VPN is allowed in this forum, but as Theymos said use TOR I guess VPN is not much that an issue.

And also I use dualbooth on windows os and linux os that way I have a different I.P address everytime I use the other, for an instance I use Linux when I'm on this forum and use the other one when outside.

America AFAIK regulates a constitution that cryptocurrency is not allowed in the country because a lot of scamming has happened with the help of those, or rather I say with those always involve, alternatively some haven't been convicted because of untraceable evidence that they have.
sr. member
Activity: 840
Merit: 375
January 27, 2018, 07:33:56 PM
#9


Government don't have to "force" Bitcointalk to leak user's IP. They just send subpoenas to Admin (Theymos) asking for all the details of the account(s) they're interested in. I believe that's applicable only for ongoing investigations, where the charges have been pressed, not a routine checks, but not sure on that.

In your case, in practice, your local authorities would have to know that you are resident of the country and if they wanted to go after you, they would have to request their US counterparts to get your details from Theymos. That is very unlikely to happen unless you're a big fish.

What I would be more concerned about, is your local law enforcement authorities asking your local Internet Service Providers for the details of all the frequent visitors of BTC/crypto related websites.

Invest in VPN.
Damn,I haven't thought of governments asking ISPs to check people activities.

The problem with VPNs is that they are also companies and nothing guarantee that they also won't leak my IP address etc...I think tor is the best to go since there is a concrete proof that with tor you are untraceable (dark/deep web) but yet,BitcoinTalk is having issues with accepting tor dunno if they changed that though.

Anyway thanks for the replies guys.Let me know if you have more infos.I'll try to figure it out on my part.
Only administrators can see his IP address unless the data is compromised yes. However, there are some "tricks" if someone wants your IP, but if you are targeted and someone really wants your IP, you just need to not make yourself a target...

If you are really concerned with your IP, buy a  VPS, make your own VPN. You need maybe 30 minutes and can find some cheap deal on LowEndBox for $15 per year
I don't trust VPNs that much to be honest but thanks for the suggestion VPN better than nothing
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
January 27, 2018, 07:30:00 PM
#8
Only administrators can see his IP address unless the data is compromised yes. However, there are some "tricks" if someone wants your IP, but if you are targeted and someone really wants your IP, you just need to not make yourself a target...

If you are really concerned with your IP, buy a  VPS, make your own VPN. You need maybe 30 minutes and can find some cheap deal on LowEndBox for $15 per year
legendary
Activity: 2436
Merit: 1561
January 27, 2018, 07:23:58 PM
#7
Hello guys,
Recently a question crossed my mind about bitcointalk.
As we know Bitcoin is pseudo-anonymous , so basically users post their bitcoin address here ; let's take per example "Aveatrex" posted his bitcoin address to receive a payment,unless someone knows  "Aveatrex" real identity in real life the payment will be anonymous.
But, if someone knows "Aveatrex" IP, he would know "Aveatrex" identity

The word is "pseudonymous" not "pseudo-anonymous". Common mistake.

so here's my question: How secure BitcoinTalk? I mean it is possible for someone to get my IP from here? And what happens if a government forces BitcoinTalk to leak users IP address?
This is really important for me as I live in a country where Bitcoin/Cryptocurrency is banned/illegal.


PS:This is a serious discussion don't spam your signature.


Government don't have to "force" Bitcointalk to leak user's IP. They just send subpoenas to Admin (Theymos) asking for all the details of the account(s) they're interested in. I believe that's applicable only for ongoing investigations, where the charges have been pressed, not a routine checks, but not sure on that.

In your case, in practice, your local authorities would have to know that you are resident of the country and if they wanted to go after you, they would have to request their US counterparts to get your details from Theymos. That is very unlikely to happen unless you're a big fish.

What I would be more concerned about, is your local law enforcement authorities asking your local Internet Service Providers for the details of all the frequent visitors of BTC/crypto related websites.

Invest in VPN.
sr. member
Activity: 840
Merit: 375
January 27, 2018, 07:17:34 PM
#6
If the forum gets hacked again, then who knows what will happen with the data which was compromised. It'll likely get sold and eventually surface in the public eyes for free.

How likely is it that the government will request your information? Unless, you are caught breaking the law and up on trial it's unlikely that they would send a request. The above link was major news around the crypto world. It's probably the biggest subpoena that theymos has received to date. If theymos does receive a request to release data on you then it's down to his discretion.
Well I don't know how likely that the government will request my informatios but you never know,we can't predit the future.
Although there is someways to hide IP address and stuff like theymos said:

I am willing to cooperate with police on real scams. Whenever someone asks me to release a scammer's IP, I tell them to have police email me from an official police address. I have received police requests a handful of times. Mostly the cases were real scams and I gave the police the requested info. In some cases I've rejected their requests. For example, I refused to give information to some foreign version of the SEC because securities laws are unjust. Of course, you should not trust that I will act in your best interest. If you want to be anonymous, then you must use Tor (or whatever).

But as far as I know Bitcointalk is blocking connections from tor and asks to pay some fee to be able to use the tor proxy IP.I guess that is to avoid multi-accounts from scammers and spammers but it's problematic.
staff
Activity: 3304
Merit: 4115
January 27, 2018, 06:57:05 PM
#5
If the forum gets hacked again, then who knows what will happen with the data which was compromised. It'll likely get sold and eventually surface in the public eyes for free.

How likely is it that the government will request your information? Unless, you are caught breaking the law and up on trial it's unlikely that they would send a request. The above link was major news around the crypto world. It's probably the biggest subpoena that theymos has received to date. If theymos does receive a request to release data on you then it's down to his discretion.
sr. member
Activity: 840
Merit: 375
January 27, 2018, 06:51:24 PM
#4
Only administrators can see your IP address. If theymos receives a request from the government or whoever then he'll likely have to give up public information depending on the details of the case. Though, how likely would it be that the government would request theymos to release information. Especially if you are just browsing and taking part in discussion.

theymos has in the past gave up public information: https://bitcointalksearch.org/topic/dpr-subpoena-881488
Let's just say that case was quite substantial.

I am willing to cooperate with police on real scams. Whenever someone asks me to release a scammer's IP, I tell them to have police email me from an official police address. I have received police requests a handful of times. Mostly the cases were real scams and I gave the police the requested info. In some cases I've rejected their requests. For example, I refused to give information to some foreign version of the SEC because securities laws are unjust. Of course, you should not trust that I will act in your best interest. If you want to be anonymous, then you must use Tor (or whatever).

Well that is problematic.
As I said above,I live in a country where Bitcoin/Cryptocurrency is banned/illegal.Suppose my country's government asks admin to give them my IP address etc.. I guess he would release them?Obviously I'm not a scammer but I give value to my privacy because of my country
Are you sure that only admins have access to my IP?I remember that BitcoinTalk was hacked before.What will happen if BitcoinTalk gets hacked and informations get leaked?Sorry for being paranoid.That how it feels when living in a country where cryptos is banned.
hero member
Activity: 882
Merit: 544
January 27, 2018, 06:51:17 PM
#3
Don't worry about it because bitcointalk is secure. As far as I know  anyone can get IP address of any user here in bitcointalk if they know a thing or two about hacking but according to this thread : https://bitcointalksearch.org/topic/is-it-possible-to-find-the-ip-address-of-a-bitcoin-address-676827, no one can ascertain your identity by merely getting your IP address. If the government forces they to release information, then he will but it won't happen if you are not involved in something illegal.
staff
Activity: 3304
Merit: 4115
January 27, 2018, 06:38:37 PM
#2
Only administrators can see your IP address. If theymos receives a request from the government or whoever then he'll likely have to give up public information depending on the details of the case. Though, how likely would it be that the government would request theymos to release information. Especially if you are just browsing and taking part in discussion.

theymos has in the past gave up public information: https://bitcointalksearch.org/topic/dpr-subpoena-881488
Let's just say that case was quite substantial.

I am willing to cooperate with police on real scams. Whenever someone asks me to release a scammer's IP, I tell them to have police email me from an official police address. I have received police requests a handful of times. Mostly the cases were real scams and I gave the police the requested info. In some cases I've rejected their requests. For example, I refused to give information to some foreign version of the SEC because securities laws are unjust. Of course, you should not trust that I will act in your best interest. If you want to be anonymous, then you must use Tor (or whatever).


Here's some information too, outdated but information nonetheless: https://bitcointalksearch.org/topic/about-releases-of-ip-addresses-and-other-info-38253
sr. member
Activity: 840
Merit: 375
January 27, 2018, 06:31:17 PM
#1
Hello guys,
Recently a question crossed my mind about bitcointalk.
As we know Bitcoin is pseudo-anonymous , so basically users post their bitcoin address here ; let's take per example "Aveatrex" posted his bitcoin address to receive a payment,unless someone knows  "Aveatrex" real identity in real life the payment will be anonymous.
But, if someone knows "Aveatrex" IP, he would know "Aveatrex" identity , so here's my question: How secure BitcoinTalk? I mean it is possible for someone to get my IP from here? And what happens if a government forces BitcoinTalk to leak users IP address?
This is really important for me as I live in a country where Bitcoin/Cryptocurrency is banned/illegal.


PS:This is a serious discussion don't spam your signature.
Jump to: