Author

Topic: Privacy questions about ninjastic.space and loyce.club (Read 391 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
@LoyceV & @TryNinja Just create a legal page that explains everything
I'm not a lawyer, I don't do "legal pages". I'm not very fond of the idea that everything needs to have legal disclaimers. Just use common sense (and Tor).

Besides, barely anyone reads legal disclaimers. I get dozens of very annoying cookie popups per day, and want to get rid of them as quickly as possible. I don't have time to read all the details on every site I visit.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
Or because...

oh it was different from this. I quote: (i remember most information were not blurred)

- Snip

I hide some for this link, but I send it to HitBTC without any modifications and 7-8 another selfies and scans of my passport. I never had any problem with KYC with other exchanges.
The scan or selfie not enough quality?

I use that scan for any KYC, and I have no problem with Binance, Bittrex, or other exchanges.
I tried taking photos on a phone camera (Samsung S10) and Canon camera - HitBTC canceled all my attempts.
I just want to take my coins and never work with them again, but they even blocked the withdrawal.

You may still be able to find the unedited post in ninjastic and loyceclub but all the links are invalid now. Honestly, it slipped my mind to also report it to those two archive websites, i hope op took down the link not way too long.
legendary
Activity: 1596
Merit: 1288
@LoyceV & @TryNinja Just create a legal page that explains everything, perhaps the community trusts you, but it is better to resort to clear rules than to trust words. especially the commercial use of this data.
The forum has something similar https://bitcointalk.org/privacy.php



Quote
    Bitcointalk.org is in US jurisdiction, and is subject to US subpoenas, wiretap orders, preservation orders (which would negate the above retention rules), and similar. Furthermore, our service providers could also be subject to similar orders without our knowledge. Note that we consider PMs to require a warrant in order to be released.
    At our sole discretion, we may voluntarily assist law enforcement worldwide. Generally we do this only when we perceive that the target user has probably committed a serious and non-victimless crime.
    At our sole discretion, we may (noncommercially) share or extend retention on any of a specific user's userdata even without law-enforcement involvement. This is very rare.
    While we don't intentionally set up systems to do so, data may end up laying around for longer than the above-specified retention limits accidentally. For example, a sysadmin might copy the access logs in order to analyze an ongoing DDoS attack and then forget to delete them for a while.
    Computer security can never be guaranteed.
copper member
Activity: 1526
Merit: 2890
Well that's a fair question but let's suppose they both agree to delete ninjastic.space and loyce.club, How about other places? For example web.archive.org I don't think they will honor such requests.

Your statement has some inaccuracy, for website/crawler/archive service under legal company/organization have some legal obligation to honor data removal. For example, archive.org provide guide for removal/exclusion[1] while archive.today have button "report bug or abuse"[2]. They might honor your request, but it'll take some time/effort on your side.

[1] https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/
[2] https://archive.ph/Urp7B/abuse

Well I agree with you to some extent but again you can request, there’s no guarantee that it will be removed specially when you have posted something by mistake, whether it’s personal info or private keys.

Yeah copyright or abuse is something else.

Edit:
Typos
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
This is the thread I am talking about: KYC now required. My guess is that all the sensitive data has already been deleted from ninjastic.space and loyce.club as well.
I started scraping a few months after that thread was created. Or more accurately: I scraped posts before that date, but didn't share them online. My current archive on that thread was created much later (July 2020). TryNinja started even later.
Anything that has been in that topic for more than a year deserves to be archived forever Smiley

Your statement has some inaccuracy, for website/crawler/archive service under legal company/organization have some legal obligation to honor data removal.
That worked so well for all celebrities who wanted certain pictures removed Roll Eyes All they get with legal action is more attention, and even if one site takes it down, it's already posted on many other sites.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I have a simple question, if I mistakenly post data such as my personal address, private key or any data that I later want to hide, and I contact @ and he delete it, will both sites comply with this deletion?
Well that's a fair question but let's suppose they both agree to delete ninjastic.space and loyce.club, How about other places? For example web.archive.org I don't think they will honor such requests.

Your statement has some inaccuracy, for website/crawler/archive service under legal company/organization have some legal obligation to honor data removal. For example, archive.org provide guide for removal/exclusion[1] while archive.today have button "report bug or abuse"[2]. They might honor your request, but it'll take some time/effort on your side.

[1] https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/
[2] https://archive.ph/Urp7B/abuse
copper member
Activity: 1526
Merit: 2890
I have a simple question, if I mistakenly post data such as my personal address, private key or any data that I later want to hide, and I contact @ and he delete it, will both sites comply with this deletion?

Well that's a fair question but let's suppose they both agree to delete ninjastic.space and loyce.club, How about other places? For example web.archive.org I don't think they will honor such requests.

To be honest you can't force LoyceV or TryNinja to do so, yeah you can request them and I'm sure they will listen but if they don't? Even theymos won't help you here :p

So the rule of thumb is always double check before you post anything on the internet, they say "What We Post Online Is Forever, and We Need a Reminder."

For example this post from 2009 https://bitcointalksearch.org/topic/m.65 is DELETED

or is it? https://web.archive.org/web/20140423083534/https://bitcointalk.org/index.php?topic=15.0

legendary
Activity: 2730
Merit: 7065
Sometimes people also share sensitive information out of ignorance.
Or because they think that Bitcointalk now requires the forum accounts to undergo KYC. But that's also a type of ignorance. Maybe you remember theymos' April Fool's joke from a few years ago when he created a thread to inform people they need to pass KYC to stay on the forum. There were some users who posted selfies and screenshots of their IDs in that thread.

This is the thread I am talking about: KYC now required. My guess is that all the sensitive data has already been deleted from ninjastic.space and loyce.club as well. 
legendary
Activity: 2268
Merit: 18748
You should have the same approach to this forum as you have to the internet in general. Assume that anything and everything you share online is impossible to completely delete and will always exist online somewhere. Anything you post on this site, anything you post on any social media, any email you write, any message you send, any picture you share, any document you upload, any file you store in the cloud, etc. It doesn't matter if you delete it from everywhere you can see it or access it, as you have no idea what other entities have scraped it, what other servers it is backed up on, who else has accessed it and stored it, and so on.

Anything share or store online should be assumed to be permanently compromised.

How will they know this IP is from Husies? Someone else may look for your post too.
If an IP address looks up one post from Husires, it could be anyone. If an IP address looks up multiple posts from Husires, repeatedly over multiple days, than that is probably Husires themselves.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Talking about wrong impression, most people also don't know CloudFlare (which used by this forum) decrypt HTTPS traffic. They need to trust CloudFlare not to log and misuse their data.
Lol. Good luck with that:
Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot, and it's not like the NSA is going to steal your password in order to scam people on bitcointalk.org or anything.

an accident can always happen, especially confusion when copying/pasting an address vs. a private key. once in a thousand times, but it happens.
What can I say, it happens:
In June, 2016, I accidentally copied the private key for 1foreverDArUNEX2gVD26vautcx3b8zTZ in my Google search bar. That's been bugging me ever since.
~
I've downloaded my data from Google, and it confirms Google still knows the private key. It's not something I worry about that much, but it's a loose end to tie up.

We don't know whether someone else is scraping or not though
We do know: Google is the most famous one, but there are many more web crawlers indexing everything there is on the internet.

Quote
I believe a lot of people are doing including FBI (who knows you are a part of them or not  Cheesy).
Let me put it this way: Unfortunately, the FBI doesn't pay me for my efforts Cheesy
legendary
Activity: 2254
Merit: 2305
Marketing Campaign Manager |Telegram ID- @LT_Mouse
That doesn't make scraping a bad idea, it makes posting private data a bad idea. People should really not post stuff on the internet if they want it to be private.
I didn't say scraping is a bad idea either. It's helpful in many ways to be honest. But scraping addresses isn't a good idea as I said. It doesn't help a lot to the forum. I don't know if it's helpful to others or not as I don't see a lot of benefits there. It only helps forum polices lol. But in general, scraping isn't that bad.
People must not post stuff on the internet but there's bad days. Some may mistakenly post their address or anything private. But with scrapers, it makes easy to keep a record. We don't know whether someone else is scraping or not though I believe a lot of people are doing including FBI (who knows you are a part of them or not  Cheesy).
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
Sometimes people also share sensitive information out of ignorance. Perhaps there was a time where they did not know any better?, which reminds me of that one user who posted a selfie with his passport... What bewildered me was that he didn't mind posting such information because as he said, "all russians are doxxed". Even if that was true, it makes no sense to deliberately share such information to a new audience.

If one has posted sensitive information, I can understand if they wanna 'take a chance' of minimizing the damage by requesting deletion.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
I have a simple question, if I mistakenly post data such as my personal address, private key or any data that I later want to hide, and I contact @ and he delete it, will both sites comply with this deletion?

you obviously got satisfactory answers, so it wouldn't be a problem to delete posts that contain sensitive information. certainly, if that were to happen, you would have to react immediately by changing the password, removing the funds and stopping using the compromised private key, etc... once made public it became public forever.

That doesn't make scraping a bad idea, it makes posting private data a bad idea. People should really not post stuff on the internet if they want it to be private.

an accident can always happen, especially confusion when copying/pasting an address vs. a private key. once in a thousand times, but it happens.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I always have seen scraping addresses isn't a good idea. There are people who even don't know someone scraps the forum and may mistakenly post an address publicly but instantly deleted. He will get a wrong impression that he is fine while he is not.
That doesn't make scraping a bad idea, it makes posting private data a bad idea. People should really not post stuff on the internet if they want it to be private.
legendary
Activity: 2254
Merit: 2305
Marketing Campaign Manager |Telegram ID- @LT_Mouse
Add to that, do they keep my IP address? It's easy to get to because I'll look up my posts.
How will they know this IP is from Husies? Someone else may look for your post too. They may (I assume though TryNinja said they don't) have the IP logs but that wouldn't do much harm if I'm correct since they wouldn't be able to know which IP is owned by who. Anyway, it's still safe to use TOR if you are concerned about your privacy regardless of what TryNinja and LoyceV said.

Though it's beneficial for forum's investigators (I can't see any other use), I always have seen scraping addresses isn't a good idea. There are people who even don't know someone scraps the forum and may mistakenly post an address publicly but instantly deleted. He will get a wrong impression that he is fine while he is not.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
This question comes up once in a while. My Apache2 server on loyce.club keeps default logs, which I've used in rare occasions to stop very agressive scrapers. I don't care about IP addresses, but if you don't want me to know your IP address, by all means: use Tor browser. My site doesn't even ask to solve a Captcha.
The different webhosts I use can probably no doubt access the data too.

I've granted most removal requests, but rejected some too when I didn't think it's necessary. I like my data integrity, which I've posted about around this post. For full transparency, I post all censoring in my topic.

If you mistakenly post private data, you should consider it compromised. Ninjastic.space and loyce.club are the most known scrapers here on Bitcointalk, but that's only because we're open about it. It's safe to assume there are other people (or organisations, or governments) that do the same, and you can't even ask them to remove data. You can probably test this by posting a funded private key (NO REALLY DON'T!), and delete the post as fast as you can. Chances are your funds get stolen.
"Generic" archiving sites store pages too.



I don't scrape Investigations (and other non-public boards, but I don't have access to those anyway).



There's only one way to make sure data doesn't leak: keep it offline.
legendary
Activity: 2212
Merit: 7064
I have a simple question, if I mistakenly post data such as my personal address, private key or any data that I later want to hide, and I contact @ and he delete it, will both sites comply with this deletion?
I think this already happened before with someone exposing personal information and doxing people on purpose, or making death threats.
Post was deleted both on bitcointalk forum as well as on ninjastic.space and loyce.club website, but you never know if someone archived separately.
I am personally considering every information once posted on internet already compromised, this can include personal information, photos and verification documents.

Add to that, do they keep my IP address? It's easy to get to because I'll look up my posts.
They probably don't keep you IP and they don't need it, but cloudflare keeps it for sure, but you can always use Tor browser or vpn for browsing.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
will both sites comply with this deletion

They will most certainly do. But they're not the only problem, I'm sure others are scraping the forum too, for whatever reasons. Some users may user archive.is (and its brothers), search engines also do their scraping, the internet archive may do so too (less often though), ... the thing is that if you do such a mistake you cannot ever be sure it was not recorded somewhere (else), no matter the nice guys from the forum delete that from their data.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I believe  it is important to know that everything you ever send in a forum is public.

You mean everywhere, all over the internet whether it was posted on social media or on some random academic .edu "home" website. The Wayback Machine exists, and many websites themselves keep site backups.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
If this isn't the right board, please let me know so I can move it.

I have a simple question, if I mistakenly post data such as my personal address, private key or any data that I later want to hide, and I contact @ and he delete it, will both sites comply with this deletion?

What can I do if both sites do not comply with this, and what is the role of the forum in this case.


I believe  it is important to know that everything you ever send in a forum is public. Those users will probably delete the requested data , but it is very hard to get privacy online and to "unsend" information is basically impossible.

Other people maybe de scrapping, there are  web archives, etc...

Even when you send a document to an email or an exchange that data could be leaked/hacked/sold etc.
Be careful with everything you write or send online
legendary
Activity: 2758
Merit: 6830
I’m ok with censoring privacy-sensitive posts. But keep in mind that other people are probably also scraping the forum, so be careful.

I don’t log IPs or have any kind of analytics or tracking scripts on ninjastic.space.
hero member
Activity: 1554
Merit: 880
pxzone.online
Mistakenly post? your private keys? Why you even try to post it in the very first place? No one on their right mind willl attempt to post their private keys. Besides posting in any kind is users' responsibility.

Regarding your ip address, you can just mask it easily by vpn, and i dont think those two (loycev and tryninja) will get interest someone's data like ip address and such.

About the deletion request, probably they will, they have full control those data and records, so feel free to pm them any time.
legendary
Activity: 2380
Merit: 5213
I have a simple question, if I mistakenly post data such as my personal address, private key or any data that I later want to hide, and I contact @ and he delete it, will both sites comply with this deletion?
If a post needs to be deleted, I am pretty sure both LoyceV and TryNinja will delete the post from their website.

LoyceV has already done so. See this post.
TryNinja will do the same if that's required and he receives a request. See this post for more information.
legendary
Activity: 1596
Merit: 1288
If this isn't the right board, please let me know so I can move it.

I have a simple question, if I mistakenly post data such as my personal address, private key or any data that I later want to hide, and I contact @ and he delete it, will both sites comply with this deletion?

What can I do if both sites do not comply with this, and what is the role of the forum in this case.

We can ask more questions, but they will revolve around the sites that collect, analyze or keep forum data.

Add to that, do they keep my IP address? It's easy to get to because I'll look up my posts.
Jump to: