Bitcoin Forum

Other => New forum software => Topic started by: EcuaMobi on June 27, 2015, 03:10:11 PM



Title: Certified/signed private messages
Post by: EcuaMobi on June 27, 2015, 03:10:11 PM
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.

A simple method to solve this would be to have an official BTC address and/or GPG certificate. The private key would be on the server as protected as possible. The public key would be published on the site. Under request anyone can acquire the signature of a sent or received PM to prove authenticity. The process would be 100% automatic.

There would be a risk if the server is compromised but probably in that case fake signed messages wouldn't be the biggest of our concerns anyway. I've been thinking about a way to remove or reduce this risk but the only other way would be for an admin to do it manually offline. That would be way to much work.


Title: Re: Certified/signed private messages
Post by: devnull2 on June 27, 2015, 03:23:14 PM
Thats a nice idea.


Title: Re: Certified/signed private messages
Post by: Muhammed Zakir on June 27, 2015, 03:47:48 PM
I like this idea.

-snip-
Under request anyone can acquire the signature of a sent or received PM to prove authenticity. The process would be 100% automatic.
 -snip-

I think a better way would be to have a button-like on every PM. Sender/receiver can click it and the signature associated with that message will be shown. The way you suggested, assuming it is automatic, may cause high server loads.


Title: Re: Certified/signed private messages
Post by: dserrano5 on June 27, 2015, 06:28:38 PM
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary (https://tlsnotary.org/) solve it?


Title: Re: Certified/signed private messages
Post by: EcuaMobi on June 28, 2015, 04:27:14 AM
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary (https://tlsnotary.org/) solve it?

Thanks. I didn't know about that. Yes that will certainly help! I'd still prefer a built-in method though, something that's easier and faster to generate and everyone here know about.


Title: Re: Certified/signed private messages
Post by: grue on June 28, 2015, 05:33:26 AM
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.
No, you can also report the PM to a global moderator/admin.


Title: Re: Certified/signed private messages
Post by: EcuaMobi on June 28, 2015, 02:46:02 PM
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited. Currently the closest to achieve that is to grant a trusted member access to one's account.
No, you can also report the PM to a global moderator/admin.

Scams are not moderated so that wouldn't help on most of the scenarios I listed. In a scam accusation normally what's needed is a proof that the published PM was not edited.


Title: Re: Certified/signed private messages
Post by: BadBear on June 28, 2015, 03:03:10 PM
Yes, scams aren't moderated but global mods and admins can still see reported pm's and verify the quote or screenshot is legitimate. There's nothing wrong with the suggestions, but to say the only way is to allow a trusted member to log into your account isn't true.


Title: Re: Certified/signed private messages
Post by: Quickseller on June 28, 2015, 03:12:02 PM
You can't report any sent PMs. If a sent PM is not quoted in the reply, or if it is quoted incorrectly then a good amount of information may be left out.

edit: Maybe it would be a good idea to allow messages in the outbox be reported to an admin/global mod (as well as the ability to search the outbox)


Title: Re: Certified/signed private messages
Post by: Muhammed Zakir on July 02, 2015, 11:59:01 AM
Sometimes it's necessary to prove a PM was received or sent. This can be useful for a scam accusation to prove a deal was made or a specific address was given. It can also be useful to prove an address was sent and -along with a message signed with that address- prove ownership of an account. Also to prove a threat or a blackmail/extortion attempt. At the moment people just take screenshots or quote the PMs but there's no way to prove that wasn't edited.

Could TLSnotary (https://tlsnotary.org/) solve it?

I was unable to sign Bitcointalk.org page. ???

PageSigner error

This website cannot be audited by PageSigner because it presented an untrusted certificate