Author

Topic: Retention/privacy info (Read 746 times)

o_e_l_e_o

legendary

Activity: 2268

Merit: 18706

Quote from: suchmoon on April 29, 2019, 10:25:35 AM

Use Tor, that way you only need to worry about NSA and perhaps a half dozen other agencies.

I know that you know this, but for the benefit of anyone who might not:

Tor browser obviously only routes what you are accessing through that browser through the Tor network. In DdmrDdmr's example above, if you are torrenting Tor browser will do nothing to protect you, even if you downloaded the torrent link via Tor. Torrenting is a very poor use of the Tor network anyway. If you are using Windows, it will happily phone home continuously outside of the Tor network and expose your real IP to anyone who might be watching. Any other programs you might be using such as Telegram or Discord won't use the Tor network. If you are logging in to sites like Google, Facebook, etc., and you have ever logged in to them from your real IP, then Tor achieves nothing - they are tracking you all the same.

You can route all your traffic through Tor, but as I said, you will notice significant delays and very poor speeds for any downloads, media, etc. If you want to do these kinds of things, you are best served by purchasing a reputable VPN, although note that this still isn't foolproof and you are still trusting your VPN provider to not sell you out.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Last week I read an article that stated that multiple torrent users in Spain, allegedly all belonging to the same internet service provider (Euskatel), had received letters from a law firm representing a given film/series producer, demanding a certain amount of money for having downloaded copyright protected content through P2P. The base of it all is a judicial sentence that the Commercial Court in Bilbao had ruled, whereby the ISP has to disclose the identity of a given set of people that were tracked solely through their IP.

It’s not a common extended practice, but some courts may rule in favour of identifying through IPs with the forcibly collaboration of ISPs.

(See Amenazados por piratear: les piden hasta 1000 euros por descargar películas y series) – in Spanish.

suchmoon

legendary

Activity: 3654

Merit: 8909

https://bpip.org

Quote from: mikeywith on April 28, 2019, 07:18:52 PM

you can't possibly identify a device on TCP/IP level only , it's beyond the scope.

Not at the bare protocol level perhaps but "depending on who gets their hands on [the IP address]" - I'm quite sure your ISP (or someone who can subpoena your ISP) can match that IP at least to your router, your cell carrier can pinpoint you even more accurately. Then there's Google and Facebook and other sites that you use with the same IP and probably hundreds of other ways for you to be paranoid.

Use Tor, that way you only need to worry about NSA and perhaps a half dozen other agencies.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18706

Quote from: Jet Cash on April 29, 2019, 02:20:29 AM

-snip-

I'm probably the same. I use a variety of devices, a variety of locations, a variety of connection methods, a variety of VPN servers, and a variety of browsers. I would take a guess at having ~20 different IPs logged against my username.

As others have said, if you are concerned about your IP being logged, either use Tor or a reputable VPN. See https://thatoneprivacysite.net/vpn-section/ if you don't know where to start. Also be aware that if you use Microsoft, Apple, Google, Chrome, Facebook, etc., then a hell of a lot more than just your IP address is being logged.

Jet Cash

legendary

Activity: 2800

Merit: 2472

https://JetCash.com

I'm sorry if I'm clogging up the records. I use a variety of computing devices ( I think I've used about 10 so far ), and a mix of public and private connection methods and IPs from a variety of geographic locations. I'm also using Brave with a Tor window on occasions. If you want to track me down, then it would probably be easier to do it through a domain name, or you could just send me a PM.

mikeywith

legendary

Activity: 2366

Merit: 6555

be constructive or S.T.F.U

Quote from: suchmoon on April 25, 2019, 04:02:30 PM

Full IP that is kept for 6 months can identify your device (computer, phone, etc) quite accurately

I think that's a bit too much, people will be paranoid Grin

you can't possibly identify a device on TCP/IP level only , it's beyond the scope.

losing those last 8 bits is like going from an aprox longitude and latitude say (50-100 km radius) to just a city/state, now of course it all depends on your location and ISP, in some places you will be lucky to just get the country name right Grin

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: AverageGlabella on April 28, 2019, 05:07:32 PM

I don't think he is.

See:

Quote from: theymos on May 12, 2017, 12:42:12 PM

I intend to ignore all stupidity coming out of the EUSSR.

Quote

Also is there any other information that you collect separate to IP addresses?

Everything is in the page theymos linked in the OP: https://bitcointalk.org/privacy.php

Quote

I'm not sure what law the forum is operating under but I know that a auction site that we owned had to comply with GDPR regulations and there was a big crackdown on it in recent years. Wondering how a forum and specifically a Bitcoin forum would deal with that.

theymos doesn't care about GDPR regulations (as you can see by his posted I quoted above). But, AFAIK, he will comply with the authorities whenever he receives a subpoena.

AverageGlabella

legendary

Activity: 1232

Merit: 1080

I do believe that if you are collecting IP addresses to comply with GDPR you would be required for members of the site to accept that you are doing that via a cookie or am I incorrect in assuming that? Also is there any other information that you collect separate to IP addresses?

I'm not sure what law the forum is operating under but I know that a auction site that we owned had to comply with GDPR regulations and there was a big crackdown on it in recent years. Wondering how a forum and specifically a Bitcoin forum would deal with that.

TalkStar

copper member

Activity: 1204

Merit: 737

✅ Need Campaign Manager? TG > @TalkStar675

Quote from: theymos on April 25, 2019, 03:51:31 PM

Right. Though if someone really wants to know, I might consider manually giving them their logs after verifying that their account doesn't look hacked.

That's a nice way IMO because if you provide IP logs manually then its going to be much safer for the real user of that account. Hackers will not be able to verify themselve manually for sure.

suchmoon

legendary

Activity: 3654

Merit: 8909

https://bpip.org

Quote from: AB de Royse777 on April 25, 2019, 03:19:04 PM

Trying to grasp it however I think I got the basic idea. May be I need to get help from google for more clarity. Cheers Lauda :-)

Full IP that is kept for 6 months can identify your device (computer, phone, etc) quite accurately, depending on who gets their hands on it. Partial IP can only identify the rough location, like your neighborhood or mobile cell. If you're concerned about any of that - make sure to safeguard your e-mail account, stake a Bitcoin address, and check the new checkbox. Use Tor if feasible. Keep in mind that other entities like Google have potentially lots more info about you.

theymos

administrator

Activity: 5222

Merit: 13032

Quote from: 100bitcoin on April 25, 2019, 03:13:07 PM

Is this change in response to some government order? Just asking...

No. Previously IPs were logged sporadically but usually kept indefinitely; this is an overall significant reduction in retention.

Quote from: ibminer on April 25, 2019, 03:27:00 PM

It's a bad idea to provide any IP log to the user themselves. Compromised accounts happen and the situation could become worse if the attacker can access your IP logs.

Right. Though if someone really wants to know, I might consider manually giving them their logs after verifying that their account doesn't look hacked.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: Quickseller on April 25, 2019, 03:41:06 PM

Quote from: Lauda on April 25, 2019, 03:19:29 PM

Quote from: BitCoinDream on April 25, 2019, 03:17:04 PM

I mean, an user has right to know his/her own information.

In the EU, yes. In the US, no.

The forum doesn’t recognize EU law.

The US is the most corrupt and backwards place in the world, so no surprise there. Keep enjoying the bribes.

Quickseller

copper member

Activity: 2926

Merit: 2348

Quote from: Lauda on April 25, 2019, 03:19:29 PM

Quote from: BitCoinDream on April 25, 2019, 03:17:04 PM

I mean, an user has right to know his/her own information.

In the EU, yes. In the US, no.

The forum doesn’t recognize EU law.

ibminer

legendary

Activity: 1789

Merit: 2535

Goonies never say die.

Quote from: RocketSingh on April 25, 2019, 03:29:47 PM

Quote from: ibminer on April 25, 2019, 03:27:00 PM

It's a bad idea to provide any IP log to the user themselves. Compromised accounts happen and the situation could become worse if the attacker can access your IP logs.

Compromised accounts get PM details as well. That should not be a reason, not to provide IP log data.

PM privacy is not guaranteed and you can control those.

RocketSingh

legendary

Activity: 1662

Merit: 1050

Quote from: ibminer on April 25, 2019, 03:27:00 PM

It's a bad idea to provide any IP log to the user themselves. Compromised accounts happen and the situation could become worse if the attacker can access your IP logs.

Compromised accounts get PM details as well. That should not be a reason, not to provide IP log data.

ibminer

legendary

Activity: 1789

Merit: 2535

Goonies never say die.

It's a bad idea to provide any IP log to the user themselves. Compromised accounts happen and the situation could become worse if the attacker can access your IP logs.

newIndia

legendary

Activity: 2226

Merit: 1049

Quote from: vit05 on April 25, 2019, 03:05:57 PM

I thought the first login IP was stored forever. I think changing this configuration before a more elaborate account recovery process will be very risky...

I think, first login IP will still be logged.

RocketSingh

legendary

Activity: 1662

Merit: 1050

Quote from: Lauda on April 25, 2019, 03:19:29 PM

Quote from: BitCoinDream on April 25, 2019, 03:17:04 PM

I mean, an user has right to know his/her own information.

In the EU, yes. In the US, no.

I dunno if u r right or wrong. But, if u r right, a legal action against BitcoinTalk at EU may ban the domain all over EU. On the other hand, US probably does not prohibit an entity to share such information with their userbase. So, it is probably better to share the info.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: BitCoinDream on April 25, 2019, 03:17:04 PM

I mean, an user has right to know his/her own information.

In the EU, yes. In the US, no.

AB de Royse777

legendary

Activity: 2464

Merit: 3878

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: Lauda on April 25, 2019, 03:14:28 PM

Quote from: AB de Royse777 on April 25, 2019, 03:13:42 PM

Yeh did LOL but again failed to understand Partial IP :-P

My technical knowledge is limited to understand this:

Quote

Between 6 and 24 months, the IP linearly loses least-significant bits over time. For example, the IP 123.234.210.221 would lose 8 bits and become the prefix 123.234.210.0/24 approximately 10.5 months after it was logged. For IPv6, the least-significant 66 bits are dropped after 6 months, and then the remaining bits are dropped linearly over the 1.5-year period.

Can anyone speak English for the above quote? :-D

Cheers :-)

The bolded is a partial IP of the underlined.

Trying to grasp it however I think I got the basic idea. May be I need to get help from google for more clarity. Cheers Lauda :-)

BitCoinDream

legendary

Activity: 2380

Merit: 1209

The revolution will be digital

Can the retained log of a certain user, be made available to that user? I mean, an user has right to know his/her own information. Is not it?

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: AB de Royse777 on April 25, 2019, 03:13:42 PM

Yeh did LOL but again failed to understand Partial IP :-P

My technical knowledge is limited to understand this:

Quote

Can anyone speak English for the above quote? :-D

Cheers :-)

The bolded is a partial IP of the underlined.

AB de Royse777

legendary

Activity: 2464

Merit: 3878

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: Lauda on April 25, 2019, 03:01:47 PM

Quote from: AB de Royse777 on April 25, 2019, 02:59:39 PM

Full IP 6 months (normal retention), meaning that certain amount of time you mentioned is 6 months?

Yes.

Quote from: AB de Royse777 on April 25, 2019, 02:59:39 PM

Since I have already checked the Limit IP retention then I fall under 3 months limited retention?

Only starting today.

Clear :-)

Quote from: AB de Royse777 on April 25, 2019, 02:59:39 PM

What is Partial IP?

Sorry I never checked the privacy page until today.

Read the page agian.

Yeh did LOL but again failed to understand Partial IP :-P

My technical knowledge is limited to understand this:

Quote

Between 6 and 24 months, the IP linearly loses least-significant bits over time. For example, the IP 123.234.210.221 would lose 8 bits and become the prefix 123.234.210.0/24 approximately 10.5 months after it was logged. For IPv6, the least-significant 66 bits are dropped after 6 months, and then the remaining bits are dropped linearly over the 1.5-year period.

Can anyone speak English for the above quote? :-D

Cheers :-)

100bitcoin

sr. member

Activity: 860

Merit: 423

Is this change in response to some government order? Just asking...

vit05

hero member

Activity: 672

Merit: 526

I thought the first login IP was stored forever. I think changing this configuration before a more elaborate account recovery process will be very risky...

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: AB de Royse777 on April 25, 2019, 02:59:39 PM

Full IP 6 months (normal retention), meaning that certain amount of time you mentioned is 6 months?

Yes.

Quote from: AB de Royse777 on April 25, 2019, 02:59:39 PM

Since I have already checked the Limit IP retention then I fall under 3 months limited retention?

Only starting today.

Quote from: AB de Royse777 on April 25, 2019, 02:59:39 PM

What is Partial IP?

Sorry I never checked the privacy page until today.

Read the page agian.

AB de Royse777

legendary

Activity: 2464

Merit: 3878

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: Lauda on April 25, 2019, 02:52:28 PM

~snip~
No. The IPs you used in the last 3 months will always be logged, in addition to that you have to wait a certain amount of time before your past logs are gone. Just read this: https://bitcointalk.org/privacy.php.

I read. Just to clarify:

Full IP 6 months (normal retention), meaning that certain amount of time you mentioned is 6 months?

Since I have already checked the Limit IP retention then I fall under 3 months limited retention?

What is Partial IP?

Sorry I never checked the privacy page until today.

Thanks in advance.

Cheers :-)

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: AB de Royse777 on April 25, 2019, 02:37:54 PM

I just enabled it and updated which means no (IP) log left for me?

No. The IPs you used in the last 3 months will always be logged, in addition to that you have to wait a certain amount of time before your past logs are gone. Just read this: https://bitcointalk.org/privacy.php.

hacker1001101001

sr. member

Activity: 1288

Merit: 415

Quote from: theymos on April 25, 2019, 02:18:36 PM

I considered putting a warning on trust pages for users who have enabled limited retention, since it theoretically might make legal action against them more difficult in case they scam you, but my current thinking is that this is kind of pointless because someone could just not enable the setting and use Tor for the same effect. And it'd be both privacy-invasive and futile whack-a-mole to try to indicate when people are using proxies. On the other hand, scammers are often pretty stupid, so I could be convinced to add the warning.

Yes, there is no benefit in putting an warning for those who unable this feature as many people here already use TOR to hide the current IP status. But still an inbuilt feature to hide the IP makes it easy and convenient for sure.

Happy to see upgrades in the current forum software BTW.

Quote from: AB de Royse777 on April 25, 2019, 02:37:54 PM

I just enabled it and updated which means no (IP) log left for me?

No, not all the logs are deleted.

Quote

This will apply only to logs created after you change the setting

Quickseller

copper member

Activity: 2926

Merit: 2348

Quote

You should only consider enabling this if you've staked a pubkey in the thread and you're sure that your account email is correct

Will you consider accepting non-bitcoin signed messages for private keys associated with major (top 5-10 per CMC) altcoins?

AB de Royse777

legendary

Activity: 2464

Merit: 3878

Hire Bitcointalk Camp. Manager @ r7promotions.com

I just enabled it and updated which means no (IP) log left for me?

Just trying to understand the change.

Cheers :-)

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: theymos on April 25, 2019, 02:18:36 PM

There's now an option in your account settings which will allow you to reduce retention of your logged IPs to 3 months. You should only consider enabling this if you've staked a pubkey in the thread and you're sure that your account email is correct. I'm not sure if 3 months is enough to respond adequately to all abuse; we'll see, and I might change it later or perhaps restrict it based on rank.

It can be enabled here: https://bitcointalk.org/index.php?action=profile;sa=account

Just for reference.

suchmoon

legendary

Activity: 3654

Merit: 8909

https://bpip.org

Quote from: theymos on April 25, 2019, 02:18:36 PM

you should now think about IP logging as happening constantly.

Awesome

~~Just to make sure - if I check this new checkbox, will it immediately delete all logs older than 3 months?~~

Nevermind, I should read slower. It won't.

Quote

You can opt into limited retention in your account settings. This will apply only to logs created after you change the setting, and doing so will make it much more difficult for you to recover your account if it is ever lost.

theymos

administrator

Activity: 5222

Merit: 13032

I wrote a new unified IP logging/retention system, and I changed the way backups are done in order to ensure limited retention on certain privacy-sensitive things. See: https://bitcointalk.org/privacy.php

Previously I said that IPs are only logged when you post and in some limited other cases, such as when you encounter certain errors. This is no longer true: you should now think about IP logging as happening constantly.

There's now an option in your account settings which will allow you to reduce retention of your logged IPs to 3 months. You should only consider enabling this if you've staked a pubkey in the thread and you're sure that your account email is correct. I'm not sure if 3 months is enough to respond adequately to all abuse; we'll see, and I might change it later or perhaps restrict it based on rank.

I considered putting a warning on trust pages for users who have enabled limited retention, since it theoretically might make legal action against them more difficult in case they scam you, but my current thinking is that this is kind of pointless because someone could just not enable the setting and use Tor for the same effect. And it'd be both privacy-invasive and futile whack-a-mole to try to indicate when people are using proxies. On the other hand, scammers are often pretty stupid, so I could be convinced to add the warning.