Topic: Privacy Concerns, Can Administrators and Mods Access Personal Messages? (Read 364 times)

legendary
Activity: 2506
Merit: 3645

Only me, Gavin, Satoshi, and Sirius can decrypt it.

You can read this topic. It contains quotes from theymos on the subject.

This information is old, but it represents that the administrator and Global Moderator can read messages after decrypting them, or more precisely, this quote is better:

Global moderators can download the encrypted database backups. Admins and past admins (Gavin, Satoshi, Sirius, me, and now justmoon) can decrypt them -- they therefore have complete access to the database and can read PMs, etc. Justmoon and I can also query the live database.

In addition to the concerns reported by some about third-party applications and Cloudflare.

BTW, there was an administrator called @Justmoon. He reminds me of suchmoon.
legendary
Activity: 3234
Merit: 5637
~snip~
A limited number of people can read the personal messages. Personal messages are stored in the database in encrypted form and only those who have the decryption key can read them.

Given that my post, in which I stated, is another example of who can technically read PM, for those who do not read what others write and respond only to certain posts I will quote again. The post from 2012 is out of date anyway, unless Gavin still has the privilege of reading PMs, which would not only be illogical, but also dangerous since he's long gone to the dark side.

We don't log your IP address when the extension contacts our server but if you don't trust us you should use Tor or VPN. The extension can technically read any data from your BitcoinTalk session, including your PMs, but it doesn't do so. It collects user IDs from the page you're looking at - e.g. a list of posts in a thread - and sends that list of IDs to bpip.org to get info about those users, and only does so if you turn the optional features on (these features are off by default).

The extension works even if you browse BitcoinTalk.org without being logged in. The source code is not obfuscated and can be examined by anyone with sufficient JavaScript knowledge using developer tools built into most browsers. Same tools can also be used to check network traffic to/from the extension.

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I'm surprised nobody mentioned CloudFlare so far, which is used by this forum. CloudFlare decrypts the internet connection between you and the Bitcointalk server for various reasons (primarily for DDoS protection), which means theoretically they could log and analyze data transmitted between you and the Bitcointalk server.

They can't do that, because it's an HTTPS connection so all packets they collect will be encrypted with TLS 1.2 or similar. The certificate and private key are with Theymos as well, not with Cloudflare, which only takes on your DNS and relays it to your server after filtering out bot traffic.
legendary
Activity: 4158
Merit: 8049
'The right to privacy matters'
Some of my PMs have been read by someone and released in a thread, years ago, say 2014 or 2015.

PMs are not private. They can be looked at in more than one way by more than one person.

Don't use PMs if you don't want the info revealed.

The government can force them to be released.
A few can actually read them with no effort at all.
Your account or the account you sent a PM to can be hacked.
This site was hacked at least once and some info was leaked.

And anyone that you sent a PM to may reveal it for good or bad reasons.

So if you want privacy, do not consider the PM to be failsafe.
legendary
Activity: 2212
Merit: 7064
You can always encrypt all messages on your own and send them to other members, but they would need to have decrypting keys to read them.
If you want to share private confidential information you shouldn't use anything without encryption, but for casual talk it's fine to use forum messages and you shouldn't be concerned about that.
Note that not all encryption is made equal, and I don't consider Telegram's encryption good.
legendary
Activity: 1526
Merit: 1359
I'm surprised nobody mentioned CloudFlare so far, which is used by this forum.
~

I'm surprised that you are surprised by this!

~ there would still be a range of potential man-in-the-middle scenarios to worry about. Your local network administrator can intercept communication, as can your ISP, your VPN provider, CloudFlare, hosting provider, server administrators, ...
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
The Privacy page clearly states that the forum has to obey the US.
So if the government sends the forum admins some kind of subpoena for a user's data including PMs, the admins will have to fulfill such a request.
Quote
Variation
Variation from the above normal procedure may occur, for example, due to these causes:

    Bitcointalk.org is in US jurisdiction, and is subject to US subpoenas, wiretap orders, preservation orders (which would negate the above retention rules), and similar. Furthermore, our service providers could also be subject to similar orders without our knowledge. Note that we consider PMs to require a warrant in order to be released.
    At our sole discretion, we may voluntarily assist law enforcement worldwide. Generally we do this only when we perceive that the target user has probably committed a serious and non-victimless crime.
    At our sole discretion, we may (noncommercially) share or extend retention on any of a specific user's userdata even without law-enforcement involvement. This is very rare.
    While we don't intentionally set up systems to do so, data may end up laying around for longer than the above-specified retention limits accidentally. For example, a sysadmin might copy the access logs in order to analyze an ongoing DDoS attack and then forget to delete them for a while.
    Computer security can never be guaranteed.

It was done in the Silk Road case years ago. I am not sure about the CM case, as there is no information about it from theymos.

By the way, by checking the page today, I noticed that theymos should edit its content, as Wasabi wallet is still recommended for use. If theymos listened to the community's voice and excluded Ledger wallet, why did he not do the same with Wasabi wallet?
Quote
Use private payment technology such as the Wasabi wallet
copper member
Activity: 602
Merit: 926
So this has been discussed many times already. You could just use the Meta search to find the answers to your questions. theymos has already answered these kinds of questions.

A limited number of people can read the personal messages. Personal messages are stored in the database in encrypted form and only those who have the decryption key can read them.

Only me, Gavin, Satoshi, and Sirius can decrypt it.

You can read this topic. It contains quotes from theymos on the subject.

"PM privacy is not guaranteed. Encrypt sensitive messages."
legendary
Activity: 2954
Merit: 1159
What information do you really have to convey through PMs that doesn't warrant the admin's solicitude? BTC deals that the forum doesn't have? Ponzis that nobody has ever heard of? Sexuality and sensitivity? Except these PMs are really concrete for encryptions, but then I see nothing wrong with that.
Theymos won't make users' anonymity so discreet that he ain't got no details about it... after all, he controls the site itself...

Sandra 🧑‍🦰

Well, intelligent people may think out of the box, and you never know, some people might send the private key to themselves thinking that it is the safest place as no one can access the PM. Or more generous ones may send the private key or seed phrases to their friends through PM to keep them safe. We just can't imagine what people's use cases for the PM are.

No one realizes that once you upload, write or store anything on the internet, whether it's a personal email message or a personal drive, nothing is secure and private. The centralized company providing the services has access to each and everything that is stored on their servers.
legendary
Activity: 3234
Merit: 5637
Does anyone know the amount of data that was requested regarding CM? Bitcointalk was mentioned several times in that report, but I don't know whether they relied on the data available to everyone, or asked for IP addresses and private messages.

This information can only be known by the admin, and I am not aware that he has commented on anything related to CM. In the event that someone's personal messages or other private data are given to third parties at their request, those forum members should be notified. Of course, if something has not changed in this regard compared to 2015 (I am referring to the link posted by @TryNinja).
legendary
Activity: 2506
Merit: 3645
Several years ago there was a proposal to publish Satoshi's private messages, but after a while this idea was stopped, so all data from day1 is recorded.


Also, remember that theymos being a privacy advocate doesn’t mean you shouldn’t be cautious. He already shared PMs for a subpoena: https://bitcointalksearch.org/topic/bfl-subpoena-1027518

Does anyone know the amount of data that was requested regarding CM? Bitcointalk was mentioned several times in that report, but I don't know whether they relied on the data available to everyone, or asked for IP addresses and private messages.
legendary
Activity: 2758
Merit: 6830
(although I don't have direct knowledge of the first claim, that Theymos has access to everything; you should just assume it to be true for security's sake).
Doesn’t he have access to the forum’s server backend? He’s the one coding or adding patches to the forum: April fool’s pranks, merit system, etc…. Access to the server = full access to every single byte of data and how the forum behaves.

Also, remember that theymos being a privacy advocate doesn’t mean you shouldn’t be cautious. He already shared PMs for a subpoena: https://bitcointalksearch.org/topic/bfl-subpoena-1027518
legendary
Activity: 3234
Merit: 5637
Everything is more or less well explained in previous posts, and those who didn't know it by now may have learned the difference between personal and private.

However, it should be noted that there is someone else who can technically read your personal messages, and this is the BPIP extension. If you use it, pay attention to the following:

We don't log your IP address when the extension contacts our server but if you don't trust us you should use Tor or VPN. The extension can technically read any data from your BitcoinTalk session, including your PMs, but it doesn't do so. It collects user IDs from the page you're looking at - e.g. a list of posts in a thread - and sends that list of IDs to bpip.org to get info about those users, and only does so if you turn the optional features on (these features are off by default).

The extension works even if you browse BitcoinTalk.org without being logged in. The source code is not obfuscated and can be examined by anyone with sufficient JavaScript knowledge using developer tools built into most browsers. Same tools can also be used to check network traffic to/from the extension.
legendary
Activity: 2870
Merit: 7490
I'm surprised nobody mentioned CloudFlare so far, which is used by this forum. CloudFlare decrypts the internet connection between you and the Bitcointalk server for various reasons (primarily for DDoS protection), which means theoretically they could log and analyze data transmitted between you and the Bitcointalk server.

Telegram has an in-built feature that supports encrypted messages

Take note that the default chat isn't encrypted; you'll need to use the "secret chat" feature to obtain end-to-end encryption. Or even consider Signal, which always uses encryption and is backed by a more transparent company.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
I don't think members have ever thought about this before, which is why I decided to raise this thread.

If you ever gave attention to your screen then you may not have such thoughts in the first place.


Although I recognize that the intention behind granting this access might be to counter spam and fraudulent behavior, I personally find the idea of reading other people's private messages invasive. PMs are meant to be personal, and it's troubling to think that anyone apart from the intended recipients or sender can access them.
The same goes for every platform you use on a daily basis. For example, are your social media messages completely private?

So it makes sense, right? If you ever want to send any sensitive information over an internet platform, then encrypt it.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
If a person is fighting for their privacy, it would be very naive to send a PM to someone and hope that their messages will be protected. What data can we get in the PM and worry about? Only personal data. Therefore, do not send them to the forum; there are many instant messengers where you can communicate confidentially. I know that the administrator sees all our IP addresses. And if he has access to such information, then why not have access to everything else? As mentioned above, do not write a PM if you do not trust anyone. After all, your opponent can be hacked, and all PMs sent will be available to the hacker, and the moderators will not be able to prevent him from reading them.
sr. member
Activity: 406
Merit: 443
AFAIK, both theymos and cyrus can read your messages at any time they want, and each of Mr. big, hilariousandco, mprep can read them when you report it to them. So if you want to send sensitive or personal data, it is better to avoid sending it using PM, and if you want to communicate with someone, encrypting the message using PGP will be fine if you do not want a third party to view it.
hero member
Activity: 840
Merit: 612
I'm just thinking, how high a privacy level do you want to achieve?

A real private person will try as much as he can to avoid leaving his trace; however, I've dug through your post history and found you're posting in your local board. You could argue I only know your country, but at least I have a clue. As long as you're not a drug seller, scammer or related to illegal things, you're fine.

After that, on a forum (or any other form of communication on the internet), if you don't trust the admin, don't use the forum or don't send a PM.
Your answer is correct, but I'd say he can use Privnote so that the administrators cannot read his PM, including someone who has compromised his account.
sr. member
Activity: 658
Merit: 354
I stand with Ukraine!
If you use a platform, you have to worry about your privacy. If you want to have privacy and protect it, you must do all things well from the beginning, like Satoshi Nakamoto. If you began badly and your privacy was broken, you cannot fix your practice and get your privacy back 100%.

Because someone can dig into the past, available database, archives, to find information about you.

legendary
Activity: 3374
Merit: 6880
theymos has complete access to all databases and software code used by the forum, so you can never assume that your PMs are private, even if he claims he will never read them. Taking this into account, you should never discuss sensitive information through your PMs. Use a proper encrypted solution for that.
I second this (although I don't have direct knowledge of the first claim, that Theymos has access to everything; you should just assume it to be true for security's sake).  But even though I think sensitive communications ought to be done off-site, I don't think there's ever been trouble as far as Theymos's end is concerned, i.e., I've never heard that he's released anyone's PMs to anyone else.  Not that he couldn't or wouldn't still do so, but he's always struck me as the type of person who respects others' privacy.

In the end....just don't trust anyone here more than you have to, even with PMs.