Author

Topic: Privacy Concerns, Can Administrators and Mods Access Personal Messages? (Read 387 times)

legendary
Activity: 2702
Merit: 4002

Only me, Gavin, Satoshi, and Sirius can decrypt it.

You can read this topic. It contains quotes from theymos on the subject.

This information is old, but it represents that the administrator and Global Moderator can read messages after decrypting them, or more precisely, this quote is better:

Global moderators can download the encrypted database backups. Admins and past admins (Gavin, Satoshi, Sirius, me, and now justmoon) can decrypt them -- they therefore have complete access to the database and can read PMs, etc. Justmoon and I can also query the live database.

In addition to the concerns reported by some about third-party applications and cloudflare.

BTW, There was an administrator called @Justmoon  Shocked he reminds me of suchmoon Grin
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
~snip~
A limited number of people can read the personal messages. Personal messages are stored in the database in encrypted form and only those who have the decryption key can read them.

Given that my post, in which I stated, is another example of who can technically read PM, for those who do not read what others write and respond only to certain posts I will quote again. The post from 2012 is out of date anyway, unless Gavin still has the privilege of reading PMs, which would not only be illogical, but also dangerous since he's long gone to the dark side.

We don't log your IP address when the extension contacts our server but if you don't trust us you should use Tor or VPN. The extension can technically read any data from your BitcoinTalk session, including your PMs, but it doesn't do so. It collects user IDs from the page you're looking at - e.g. a list of posts in a thread - and sends that list of IDs to bpip.org to get info about those users, and only does so if you turn the optional features on (these features are off by default).

The extension works even if you browse BitcoinTalk.org without being logged in. The source code is not obfuscated and can be examined by anyone with sufficient JavaScript knowledge using developer tools built into most browsers. Same tools can also be used to check network traffic to/from the extension.

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I'm surprised nobody mention CloudFlare so far, which is used by this forum. CloudFlare decrypt internet connection between you and Bitcointalk server for various reason (primarily for DDoS protection) which mean theoretically they could log and analyze data transmitted between you and Bitcointalk server.

They can't do that, because it's an HTTPS connection so all packets they collect will be encrypted with TLS 1.2 or similar. The certificate and private key is with Theymos as well, not with Cloudflare which only takes on your DNS and relays it to your server after filtering out bot traffic.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
Some of my PM's have been read by someone and released in a thread. YEARS AGO Say 2014 or 2015.

Pm's are not private. They can be looked at in more than one way by more than one person.

Don't use PM's if you don't want the info revealed.

The government can force them to be released.
A few can actually read them with no effort at all.
Your account or the account  you sent a pm to can be hacked.
This site was hacked at least once and some info was leaked.

and anyone that you sent a pm to may reveal it for good or bad reasons.

So if you want  privacy do not consider the pm to be failsafe.
legendary
Activity: 2212
Merit: 7064
You can always encrypt all messages on your own and send them to other members, but they would need to have decrypting keys to read them.
If you want to share private confidential information you shouldn't use anything without encryption, but for casual talk it's fine to use forum messages and you shouldn't be concerned about that.
Note that not all encryption is made equal, and I don't consider telegram encryption is good.
legendary
Activity: 1526
Merit: 1359
I'm surprised nobody mention CloudFlare so far, which is used by this forum.
~

I'm surprised that you are surprised by this!  Cheesy

~ there would still be a range of potential man-in-the-middle scenarios to worry about. Your local network administrator can intercept communication, as can your ISP, your VPN provider, CloudFlare, hosting provider, server administrators, ...
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
The Privacy page clearly states that the forum has to obey the US.
so if government send forum admins kind of subpoena for a user's data including PMs, admins will have to fulfill such request.
Quote
Variation
Variation from the above normal procedure may occur, for example, due to these causes:

    Bitcointalk.org is in US jurisdiction, and is subject to US subpoenas, wiretap orders, preservation orders (which would negate the above retention rules), and similar. Furthermore, our service providers could also be subject to similar orders without our knowledge. Note that we consider PMs to require a warrant in order to be released.
    At our sole discretion, we may voluntarily assist law enforcement worldwide. Generally we do this only when we perceive that the target user has probably committed a serious and non-victimless crime.
    At our sole discretion, we may (noncommercially) share or extend retention on any of a specific user's userdata even without law-enforcement involvement. This is very rare.
    While we don't intentionally set up systems to do so, data may end up laying around for longer than the above-specified retention limits accidentally. For example, a sysadmin might copy the access logs in order to analyze an ongoing DDoS attack and then forget to delete them for a while.
    Computer security can never be guaranteed.

It was done with Silk Road case years ago. I am not sure about CM case as no information about it from theymos.

By the way, by checking the page today, I noticed that theymos should edit its content as Wasabi wallet is still recommended to use. If theymos listened to community voice and excluded Ledger wallet, why he did not do the same with Wasabi wallet.
Quote
Use private payment technology such as the Wasabi wallet
copper member
Activity: 588
Merit: 926
So this has been discussed many times already. You could just use the Meta search to find the answers to your questions. theymos has already answered this kind of questions.

A limited number of people can read the personal messages. Personal messages are stored in the database in encrypted form and only those who have the decryption key can read them.

Only me, Gavin, Satoshi, and Sirius can decrypt it.

You can read this topic. It contains quotes from theymos on the subject.

"PM privacy is not guaranteed. Encrypt sensitive messages. "
legendary
Activity: 3136
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
What informations do you really have to convey through PM's that doesn't warranty the admin's solicitude?? BTC deals that the forum doesn't have? Ponzis that nobody has never heard of?? Sexuality and sensitivity?? Except these PM's are really concrete for encryptions, but then i see nothing wrong with that.
Theymos won't make users anonymity so discreet that he ain't got no details about it... afterall he controls the site itself...

Sandra 🧑‍🦰

Well, intelligent people may think out of the box and you never know some people might send the private key to themselves thinking that it is the safest place as no one can access the PM. Wink  or more generous ones may send the private key or seed phrases to their friends through PM to keep them save. We just can't image what people's use cases for the PM.

No one realizes that once you upload, write or store anything on the internet, whether it's a personal email message or a personal drive, nothing is secure and private. The centralized company providing the services have access to each and everything that is stored on their servers.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Does anyone know the amount of data that was requested regarding CM. Bitcointalk was mentioned several times in that report, but I don't know whether they relied on the data available to everyone, or asked for IP addresses and private messages.

This information can only be known by the admin, and I am not aware that he has commented on anything related to CM. In the event that someone's personal messages or other private data are given to third parties at their request, those forum members should be notified. Of course, if something has not changed in this regard compared to 2015 (I am referring to the link posted by @TryNinja).
legendary
Activity: 2702
Merit: 4002
Several years ago there was a proposal to publish Satoshi's private messages, but after a while this idea was stopped, so all data from day1 is recorded.


Also, remember that theymos being a privacy advocate doesn’t mean you shouldn’t be cautious. He already shared PMs for a subpoena: https://bitcointalksearch.org/topic/bfl-subpoena-1027518

Does anyone know the amount of data that was requested regarding CM. Bitcointalk was mentioned several times in that report, but I don't know whether they relied on the data available to everyone, or asked for IP addresses and private messages.
legendary
Activity: 2758
Merit: 6830
(although I don't have direct knowledge of the first claim, that Theymos has access to everything; you should just assume it to be true for security's sake).
Doesn’t he have access to the forum’s server backend? He’s the one coding or adding patches to the forum: April fool’s pranks, merit system, etc…. Access to the server = full access to every single byte of data and how the forum behaves.

Also, remember that theymos being a privacy advocate doesn’t mean you shouldn’t be cautious. He already shared PMs for a subpoena: https://bitcointalksearch.org/topic/bfl-subpoena-1027518
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Everything is more or less well explained in previous posts, and those who didn't know it by now may have learned the difference between personal and private.

However, it should be noted that there is someone else who can technically read your personal messages, and this is the BPIP extension. If you use it, pay attention to the following :

We don't log your IP address when the extension contacts our server but if you don't trust us you should use Tor or VPN. The extension can technically read any data from your BitcoinTalk session, including your PMs, but it doesn't do so. It collects user IDs from the page you're looking at - e.g. a list of posts in a thread - and sends that list of IDs to bpip.org to get info about those users, and only does so if you turn the optional features on (these features are off by default).

The extension works even if you browse BitcoinTalk.org without being logged in. The source code is not obfuscated and can be examined by anyone with sufficient JavaScript knowledge using developer tools built into most browsers. Same tools can also be used to check network traffic to/from the extension.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I'm surprised nobody mention CloudFlare so far, which is used by this forum. CloudFlare decrypt internet connection between you and Bitcointalk server for various reason (primarily for DDoS protection) which mean theoretically they could log and analyze data transmitted between you and Bitcointalk server.

Telegram has a in built feature that supports encrypted messages

Take note default chat isn't encrypted, you'll need to use "secret chat" feature to obtain end-to-end encryption. Or even consider Signal which always use encryption and backed by more transparent company.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
I don't think members have ever taught about this before which I why I decided to raise this thread.

If you ever gave attention to your screen then you may not have such thoughts in the first place.


Although I recognize that the intention behind granting this access might be to counter spam and fraudulent behavior, I personally find the idea of reading other people's private messages invasive. PMs are meant to be personal, and it's troubling to think that anyone apart from the intended recipients or sender can access them.
The same goes on every platform you are using on a daily basis for example your social media messages are completely private?

So it makes sense right, if you ever want to send any sensitive information over an internet platform then encrypt it.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
If a person is fighting for their privacy, it would be very naive to send a PM to someone and hope that their messages will be protected. What data can we get in the PM and worry about? Only personal data. Therefore, do not send them to the forum; there are many instant messengers where you can communicate confidentially. I know that the administrator sees all our IP addresses. And if he has access to such information, then why not have access to everything else? As mentioned above, do not write a PM if you do not trust anyone. After all, your opponent can be hacked, and all PMs sent will be available to the hacker, and the moderators will not be able to prevent him from reading them.
hero member
Activity: 630
Merit: 510
AFAIK, Both theymos and cyrus can read your messages at any time they want, and each of Mr. big, hilariousandco, mprep can read them when you report it to them, so if you want to send sensitive or personal data, it is better to avoid sending using PM, and if you want to communicate with someone Encrypting the message using PGP will be fine if you do not want a third party to view it.
hero member
Activity: 952
Merit: 662
I'm just thinking like how high the privacy level you want to achieve?

A real private person will try as much as he can to avoid leaving his trace, however I've dig your post history and found you're posting in your local board. You could argue I only know your country, but at least I have a clue. As long as you're not a drug seller, scammer or related with illegal thing, you're fine.

After that, on a forum (or any other form of communication on internet), if you don't trust the admin, don't use the forum or don't send a PM.
Your answer are correct but I'd say he can use Privnote so it will not make the administrators can read his PM including someone who's compromise his account.
sr. member
Activity: 854
Merit: 424
Playbet.io - Crypto Casino and Sportsbook
If you use a platform, you have to worry about your privacy. If you want to have privacy, protect it, you must do all things good at beginning, like Satoshi Nakamoto. If you began badly, your privacy was broken, you can not fix your practice and get your privacy back 100%.

Because someone can dig into the past, available database, archives, to find information about you.

legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
theymos has complete access to all databases and software code used by the forum, so you can never assume that your PMs are private, even if he claims he will never read them. Taking this into account, you should never discuss sensitive information through your PMs. Use a proper encrypted solution for that.
I second this (although I don't have direct knowledge of the first claim, that Theymos has access to everything; you should just assume it to be true for security's sake).  But even though I think sensitive communications ought to be done off-site, I don't think there's ever been trouble as far as Theymos's end is concerned, i.e., I've never heard that he's released anyone's PMs to anyone else.  Not that he couldn't or wouldn't still do so, but he's always struck me as the type of person who respects others' privacy.

In the end....just don't trust anyone here more than you have to, even with PMs.
legendary
Activity: 1526
Merit: 1359
~
I understand the need for this discussion and hope to hear from moderators or individuals who can shed light on this matter.

What is there to discuss, really? No type of plain-text communication is actually created with privacy as a priority. Even if it were somehow technically impossible for the forum administrators to access private messages, there would still be a range of potential man-in-the-middle scenarios to worry about. Your local network administrator can intercept communication, as can your ISP, your VPN provider, CloudFlare, hosting provider, server administrators, ... Have you ever wondered who might be monitoring your email communication?

If privacy matters to you, take the time to understand how to effectively encrypt your sensitive communications.
hero member
Activity: 798
Merit: 1045
Goodnight, ohh Leo!!! 🦅
What informations do you really have to convey through PM's that doesn't warranty the admin's solicitude?? BTC deals that the forum doesn't have? Ponzis that nobody has never heard of?? Sexuality and sensitivity?? Except these PM's are really concrete for encryptions, but then i see nothing wrong with that.
Theymos won't make users anonymity so discreet that he ain't got no details about it... afterall he controls the site itself...

Sandra 🧑‍🦰
hero member
Activity: 574
Merit: 554
Leading Crypto Sports Betting & Casino Platform
theymos has complete access to all databases and software code used by the forum, so you can never assume that your PMs are private, even if he claims he will never read them. Taking this into account, you should never discuss sensitive information through your PMs. Use a proper encrypted solution for that.
The privacy section of the forum also encourage encrypting sensitive PM, which means these personal messages can be accessed.

Quote
Always encrypt sensitive PMs. Note also that PMs are often emailed in cleartext to the recipients by bitcointalk.org
https://bitcointalk.org/privacy.php

The warning is clear, "If you don't want anybody to know about what you want to communicate, don't use the forum". Any confidential matter should be handled in more secured or private channels outside the forum
hero member
Activity: 1204
Merit: 802
Leading Crypto Sports Betting & Casino Platform


I don't think members have ever taught about this before which I why I decided to raise this thread.
 Although I recognize that the intention behind granting this access might be to counter spam and fraudulent behavior, I personally find the idea of reading other people's private messages invasive. PMs are meant to be personal, and it's troubling to think that anyone apart from the intended recipients or sender can access them.
It’s common knowledge and I’m surprised this is new to you. At the bottom of the message box, you will see this important note.

“Note: PM privacy is not guaranteed. Encrypt sensitive messages.”

I don’t see a problem with the admin having access to pms, if you are not comfortable you can always take your sensitive conversations elsewhere. Telegram has a in built feature that supports encrypted messages
staff
Activity: 3304
Merit: 4115
As for personal messages which are reported; I don't know what personal message reports look like exactly, however it might be worth considering removing who reported it, so that at least prevents the moderator knowing whom it was too, unless it was otherwise stated in the personal message. However, that might be the default behaviour, I wouldn't know.

However, without reports from personal messages; problematic users could maliciously or send unsolicited personal messages which could potentially harm other users.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
Yes, the administrators can access anything on the forum because they have the access to everything. The administrator can read private messages between two users and he/she can also access those messages even if a user deletes those messages after the conversation. The administrator is the most powerful entity of a forum or site and he/she has access to all the permissions and functions of a site.

The moderators might not have that many privileges and they may not be able to access the private messages on a forum, but that also depends on the structure of a forum if the admin of a forum decides to grant such permissions to moderators then they will also be able to access those private messages between two users. In most of the forums only admin is the central authority that can access or change anything in a forum without anyone's permissions while moderators may hold high privileges than other users, but still they have limited permissions as compare to an admin.

I would still recommend you to avoid sending any messages that may violate the rules of the forum because sending of such messages isn't a good act and if admins may later found such messages then they may take strict actions against such users who violate the terms and conditions of the forum. There are some strict rules of this forum which every user has to follow despite of their status or activity level, and anyone if breaks those rules then those users may face hard times on this forum. But, if a user follows the rules and doesn't do anything that's against the rules of the forum then there won't be any problem for such users.
 
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
The topic is quite interest to read as i also had these type of questions in my mind but i never tried to think more about these. Because reasons is, i do not have anything personal to share on PMs that i should avoid to send. If i have to give some contact of me then i prefer to use TG and we all know how secure they are.

But, few days back I had an encounter in my Local board where our board moderator Xalolex edited one of ours local member's post and i was stunned to see that but Xalolex is a nice and friendly moderator he edited the post to correct the mistake made by the member and he also gave whole clarification of the matter after asking. Because I got curious so I asked him/her and he replied politely i am really impressed.

Well, coming back to the discussion, he said, yeah we have permission to read and modify user's posts but he did not mentioned any PMs details but i doubt that these moderators are given the access to PMs because PMs access is something personal and it would be in the hand of Administrator only which is Theymos and I do not know anyone else here who would have access to PMs.
staff
Activity: 2408
Merit: 2021
I find your lack of faith in Bitcoin disturbing.
You've already found all the answers to your questions.
After that, on a forum (or any other form of communication on internet), if you don't trust the admin, don't use the forum or don't send a PM.
hero member
Activity: 798
Merit: 702
Being an administrator is different from being a moderator, and their access is also not the same.
As your quoted moderator has already stated, Accessing the message is only possible when the person you send the message to reports it over to the moderators for any reason (scam or privacy violation). Reporting a message to the moderators will definitely give them a preview of the message reported so that they can pass a proper judgment on the matter.

But on the side of the administrator, I think he has access to almost everything, unless this forum is not built that way. If not, administrators have access to whatever information they want. But this forum might be different since privacy is highly respected here on the forum, and the Admin is also too busy with other things to go through users personal messages.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
While moderators may not access the PM but administrator can read PMs. The forum software does not encrypt the message to store in the database which means anyone who have database access can also read messages between users.
legendary
Activity: 2758
Merit: 6830
theymos has complete access to all databases and software code used by the forum, so you can never assume that your PMs are private, even if he claims he will never read them. Taking this into account, you should never discuss sensitive information through your PMs. Use a proper encrypted solution for that.
sr. member
Activity: 336
Merit: 365
The Alliance Of Bitcointalk Translators - ENG>PID
On reading through this thread made by ,rachael9385 I came across a puzzling statement that has left me wondering about the privacy of personal messages.
In a response by Solosanz  it was mentioned 
Personal message is private and AFAIK only the administrators can view every users' personal message, since he's not an administrator, he can't scrap personal message.

This statement raised several questions and prompted me to initiate this thread. I delved into some research and found a few older posts where moderators weighed in on the matter. According to a post by Quickseller
Any administrator has the ability to read arbitrary PM's between users, even if they are not reported.
It has been said this will not happen without the consent of at least one of the parties of a message, and I have not seen evidence that contradicts this.

I also came across another reply by hilariousandco
No, we can't directly read PMs, just ones that are reported directly to us. You can send your ref link if it's warranted, but if not and they report the message you'll be banned for unsolicited pm spam

I don't think members have ever taught about this before which I why I decided to raise this thread.
 Although I recognize that the intention behind granting this access might be to counter spam and fraudulent behavior, I personally find the idea of reading other people's private messages invasive. PMs are meant to be personal, and it's troubling to think that anyone apart from the intended recipients or sender can access them.

I know this thread might not make much of sence,  but I understand the need for this discussion and hope to hear from moderators or individuals who can shed light on this matter.

(Please refrain from unnecessary responses.)
Jump to: