Topic: Privacy Concerns, Can Administrators and Mods Access Personal Messages? (Read 386 times)

This information is old, but it represents that the administrator and Global Moderator can read messages after decrypting them, or more precisely, this quote is better:


In addition to the concerns reported by some about third-party applications and cloudflare.

BTW, There was an administrator called @Justmoon  he reminds me of suchmoon

Given that my post, in which I stated, is another example of who can technically read PM, for those who do not read what others write and respond only to certain posts I will quote again. The post from 2012 is out of date anyway, unless Gavin still has the privilege of reading PMs, which would not only be illogical, but also dangerous since he's long gone to the dark side.

They can't do that, because it's an HTTPS connection so all packets they collect will be encrypted with TLS 1.2 or similar. The certificate and private key is with Theymos as well, not with Cloudflare which only takes on your DNS and relays it to your server after filtering out bot traffic.

Some of my PM's have been read by someone and released in a thread. YEARS AGO Say 2014 or 2015.

Pm's are not private. They can be looked at in more than one way by more than one person.

Don't use PM's if you don't want the info revealed.

The government can force them to be released.
A few can actually read them with no effort at all.
Your account or the account  you sent a pm to can be hacked.
This site was hacked at least once and some info was leaked.

and anyone that you sent a pm to may reveal it for good or bad reasons.

So if you want  privacy do not consider the pm to be failsafe.

You can always encrypt all messages on your own and send them to other members, but they would need to have decrypting keys to read them.
If you want to share private confidential information you shouldn't use anything without encryption, but for casual talk it's fine to use forum messages and you shouldn't be concerned about that.
Note that not all encryption is made equal, and I don't consider telegram encryption is good.

I'm surprised that you are surprised by this! 

The Privacy page clearly states that the forum has to obey the US.
so if government send forum admins kind of subpoena for a user's data including PMs, admins will have to fulfill such request.

It was done with Silk Road case years ago. I am not sure about CM case as no information about it from theymos.

By the way, by checking the page today, I noticed that theymos should edit its content as Wasabi wallet is still recommended to use. If theymos listened to community voice and excluded Ledger wallet, why he did not do the same with Wasabi wallet.

So this has been discussed many times already. You could just use the Meta search to find the answers to your questions. theymos has already answered this kind of questions.

A limited number of people can read the personal messages. Personal messages are stored in the database in encrypted form and only those who have the decryption key can read them.


You can read this topic. It contains quotes from theymos on the subject.

"PM privacy is not guaranteed. Encrypt sensitive messages. "

Well, intelligent people may think out of the box and you never know some people might send the private key to themselves thinking that it is the safest place as no one can access the PM.   or more generous ones may send the private key or seed phrases to their friends through PM to keep them save. We just can't image what people's use cases for the PM.

No one realizes that once you upload, write or store anything on the internet, whether it's a personal email message or a personal drive, nothing is secure and private. The centralized company providing the services have access to each and everything that is stored on their servers.

This information can only be known by the admin, and I am not aware that he has commented on anything related to CM. In the event that someone's personal messages or other private data are given to third parties at their request, those forum members should be notified. Of course, if something has not changed in this regard compared to 2015 (I am referring to the link posted by @TryNinja).

Several years ago there was a proposal to publish Satoshi's private messages, but after a while this idea was stopped, so all data from day1 is recorded.



Does anyone know the amount of data that was requested regarding CM. Bitcointalk was mentioned several times in that report, but I don't know whether they relied on the data available to everyone, or asked for IP addresses and private messages.

Doesn’t he have access to the forum’s server backend? He’s the one coding or adding patches to the forum: April fool’s pranks, merit system, etc…. Access to the server = full access to every single byte of data and how the forum behaves.

Also, remember that theymos being a privacy advocate doesn’t mean you shouldn’t be cautious. He already shared PMs for a subpoena: https://bitcointalksearch.org/topic/bfl-subpoena-1027518

Everything is more or less well explained in previous posts, and those who didn't know it by now may have learned the difference between personal and private.

However, it should be noted that there is someone else who can technically read your personal messages, and this is the BPIP extension. If you use it, pay attention to the following :

I'm surprised nobody mention CloudFlare so far, which is used by this forum. CloudFlare decrypt internet connection between you and Bitcointalk server for various reason (primarily for DDoS protection) which mean theoretically they could log and analyze data transmitted between you and Bitcointalk server.


Take note default chat isn't encrypted, you'll need to use "secret chat" feature to obtain end-to-end encryption. Or even consider Signal which always use encryption and backed by more transparent company.

If you ever gave attention to your screen then you may not have such thoughts in the first place.


The same goes on every platform you are using on a daily basis for example your social media messages are completely private?

So it makes sense right, if you ever want to send any sensitive information over an internet platform then encrypt it.

If a person is fighting for their privacy, it would be very naive to send a PM to someone and hope that their messages will be protected. What data can we get in the PM and worry about? Only personal data. Therefore, do not send them to the forum; there are many instant messengers where you can communicate confidentially. I know that the administrator sees all our IP addresses. And if he has access to such information, then why not have access to everything else? As mentioned above, do not write a PM if you do not trust anyone. After all, your opponent can be hacked, and all PMs sent will be available to the hacker, and the moderators will not be able to prevent him from reading them.

AFAIK, Both theymos and cyrus can read your messages at any time they want, and each of Mr. big, hilariousandco, mprep can read them when you report it to them, so if you want to send sensitive or personal data, it is better to avoid sending using PM, and if you want to communicate with someone Encrypting the message using PGP will be fine if you do not want a third party to view it.

I'm just thinking like how high the privacy level you want to achieve?

A real private person will try as much as he can to avoid leaving his trace, however I've dig your post history and found you're posting in your local board. You could argue I only know your country, but at least I have a clue. As long as you're not a drug seller, scammer or related with illegal thing, you're fine.

Your answer are correct but I'd say he can use Privnote so it will not make the administrators can read his PM including someone who's compromise his account.

If you use a platform, you have to worry about your privacy. If you want to have privacy, protect it, you must do all things good at beginning, like Satoshi Nakamoto. If you began badly, your privacy was broken, you can not fix your practice and get your privacy back 100%.

Because someone can dig into the past, available database, archives, to find information about you.

• https://bitcointalk.org/privacy.php
• Retention / privacy info. It is a latest change of privacy and it was made in 2019.

I second this (although I don't have direct knowledge of the first claim, that Theymos has access to everything; you should just assume it to be true for security's sake).  But even though I think sensitive communications ought to be done off-site, I don't think there's ever been trouble as far as Theymos's end is concerned, i.e., I've never heard that he's released anyone's PMs to anyone else.  Not that he couldn't or wouldn't still do so, but he's always struck me as the type of person who respects others' privacy.

In the end....just don't trust anyone here more than you have to, even with PMs.

What is there to discuss, really? No type of plain-text communication is actually created with privacy as a priority. Even if it were somehow technically impossible for the forum administrators to access private messages, there would still be a range of potential man-in-the-middle scenarios to worry about. Your local network administrator can intercept communication, as can your ISP, your VPN provider, CloudFlare, hosting provider, server administrators, ... Have you ever wondered who might be monitoring your email communication?

If privacy matters to you, take the time to understand how to effectively encrypt your sensitive communications.

What informations do you really have to convey through PM's that doesn't warranty the admin's solicitude?? BTC deals that the forum doesn't have? Ponzis that nobody has never heard of?? Sexuality and sensitivity?? Except these PM's are really concrete for encryptions, but then i see nothing wrong with that.
Theymos won't make users anonymity so discreet that he ain't got no details about it... afterall he controls the site itself...

Sandra 🧑‍🦰

The privacy section of the forum also encourage encrypting sensitive PM, which means these personal messages can be accessed.


The warning is clear, "If you don't want anybody to know about what you want to communicate, don't use the forum". Any confidential matter should be handled in more secured or private channels outside the forum

It’s common knowledge and I’m surprised this is new to you. At the bottom of the message box, you will see this important note.

“Note: PM privacy is not guaranteed. Encrypt sensitive messages.”

I don’t see a problem with the admin having access to pms, if you are not comfortable you can always take your sensitive conversations elsewhere. Telegram has a in built feature that supports encrypted messages

As for personal messages which are reported; I don't know what personal message reports look like exactly, however it might be worth considering removing who reported it, so that at least prevents the moderator knowing whom it was too, unless it was otherwise stated in the personal message. However, that might be the default behaviour, I wouldn't know.

However, without reports from personal messages; problematic users could maliciously or send unsolicited personal messages which could potentially harm other users.

Yes, the administrators can access anything on the forum because they have the access to everything. The administrator can read private messages between two users and he/she can also access those messages even if a user deletes those messages after the conversation. The administrator is the most powerful entity of a forum or site and he/she has access to all the permissions and functions of a site.

The moderators might not have that many privileges and they may not be able to access the private messages on a forum, but that also depends on the structure of a forum if the admin of a forum decides to grant such permissions to moderators then they will also be able to access those private messages between two users. In most of the forums only admin is the central authority that can access or change anything in a forum without anyone's permissions while moderators may hold high privileges than other users, but still they have limited permissions as compare to an admin.

I would still recommend you to avoid sending any messages that may violate the rules of the forum because sending of such messages isn't a good act and if admins may later found such messages then they may take strict actions against such users who violate the terms and conditions of the forum. There are some strict rules of this forum which every user has to follow despite of their status or activity level, and anyone if breaks those rules then those users may face hard times on this forum. But, if a user follows the rules and doesn't do anything that's against the rules of the forum then there won't be any problem for such users.
 

The topic is quite interest to read as i also had these type of questions in my mind but i never tried to think more about these. Because reasons is, i do not have anything personal to share on PMs that i should avoid to send. If i have to give some contact of me then i prefer to use TG and we all know how secure they are.

But, few days back I had an encounter in my Local board where our board moderator Xalolex edited one of ours local member's post and i was stunned to see that but Xalolex is a nice and friendly moderator he edited the post to correct the mistake made by the member and he also gave whole clarification of the matter after asking. Because I got curious so I asked him/her and he replied politely i am really impressed.

Well, coming back to the discussion, he said, yeah we have permission to read and modify user's posts but he did not mentioned any PMs details but i doubt that these moderators are given the access to PMs because PMs access is something personal and it would be in the hand of Administrator only which is Theymos and I do not know anyone else here who would have access to PMs.

You've already found all the answers to your questions.
After that, on a forum (or any other form of communication on internet), if you don't trust the admin, don't use the forum or don't send a PM.

Being an administrator is different from being a moderator, and their access is also not the same.
As your quoted moderator has already stated, Accessing the message is only possible when the person you send the message to reports it over to the moderators for any reason (scam or privacy violation). Reporting a message to the moderators will definitely give them a preview of the message reported so that they can pass a proper judgment on the matter.

But on the side of the administrator, I think he has access to almost everything, unless this forum is not built that way. If not, administrators have access to whatever information they want. But this forum might be different since privacy is highly respected here on the forum, and the Admin is also too busy with other things to go through users personal messages.

While moderators may not access the PM but administrator can read PMs. The forum software does not encrypt the message to store in the database which means anyone who have database access can also read messages between users.

theymos has complete access to all databases and software code used by the forum, so you can never assume that your PMs are private, even if he claims he will never read them. Taking this into account, you should never discuss sensitive information through your PMs. Use a proper encrypted solution for that.

On reading through this thread made by ,rachael9385 I came across a puzzling statement that has left me wondering about the privacy of personal messages.
In a response by Solosanz  it was mentioned 

This statement raised several questions and prompted me to initiate this thread. I delved into some research and found a few older posts where moderators weighed in on the matter. According to a post by Quickseller

I also came across another reply by hilariousandco

I don't think members have ever taught about this before which I why I decided to raise this thread.
 Although I recognize that the intention behind granting this access might be to counter spam and fraudulent behavior, I personally find the idea of reading other people's private messages invasive. PMs are meant to be personal, and it's troubling to think that anyone apart from the intended recipients or sender can access them.

I know this thread might not make much of sence,  but I understand the need for this discussion and hope to hear from moderators or individuals who can shed light on this matter.

(Please refrain from unnecessary responses.)