BFL subpoena

[theymos]

I recently received a subpoena related to a case against BFL (Case No. 14-CV-2159-KHV-JPO). I had to release all database info on a few employees/ex-employees of BFL (including their PMs), plus a complete copy of every thread in which anyone mentioned BFL or in which a BFL employee participated. (It was a huge hassle to put all of this info together.) The subpoena originally demanded all PMs that even mentioned BFL, which is ridiculous, but I managed to get this part eliminated.

If a PM of yours was released due to this, then I already sent you a PM about it.

I don't think that I'm going to send PMs about deleted posts that were released. 3196 users had deleted posts released, and I don't really want to send that many PMs when almost no one would care. I feel like people should have basically no expectation of privacy for something that they posted publicly anyway.

I also released all "report to moderator" reports involving or mentioning BFL. I don't think that these are very sensitive, so I'm not going to send out PMs about these.

[1714572181]

1714572181

[1714572181]

1714572181

[1714572181]

1714572181

[1714572181]

1714572181

[ABitNut]

That does sound like a lot of hassle indeed. I hope it's worth it. Also you probably did the right thing by PM-ing those who had there PMs exposed. It's a good time to remind people that PM stands for personal message, not private message...

Note: PM privacy is not guaranteed. Encrypt sensitive messages.

Do/did you get any compensation for the effort you had to put into this?

[dserrano5]

plus a complete copy of every thread in which anyone mentioned BFL

LOL.

This is pretty much the whole forum, right?

[hilariousandco]

I wonder how many of those posts/messages were from Bruno?  

That does sound like a lot of hassle indeed. I hope it's worth it. Also you probably did the right thing by PM-ing those who had there PMs exposed. It's a good time to remind people that PM stands for personal message, not private message...

Note: PM privacy is not guaranteed. Encrypt sensitive messages.

Do/did you get any compensation for the effort you had to put into this?

Well he probably should have been compensated for his time and effort but I bet he wasn't. Seems like a mammoth task to collect all that info.

plus a complete copy of every thread in which anyone mentioned BFL

LOL.

This is pretty much the whole forum, right?

They should just do that themselves if they really wanted it.

[Quickseller]

I would be interested to know how many BFL related posts were ever deleted. I am sure it is a lot if 3k+ users had their deleted posts released. I can only imagine the poor staff attorney who has to go through all the posts on the various threads, especially the ones with the ridiculous pictures (that I have read about), many of which I am sure are NSFW.

There were probably BFL threads in almost every section.

I would guess that this probably has something to do with why one of the BFL threads was recently apparently locked.

[Leeroy Jenkins]

Awesome. 

Use PGP if you want privacy.

[-ck]

I would guess that this probably has something to do with why one of the BFL threads was recently apparently locked.

No that was sheer coincidence as I locked it without knowing theymos was facing this.

[Bicknellski]

Hello. I'm writing to let you know that due to a subpoena that I received related to a case against BFL, I was forced to release some of your PMs.

In particular, I released all PMs that you sent to or received from the following people, possibly even if you deleted the PM:

Inaba
BFL-Engineer
BFL_Josh
SLok
BFL_Sonny
BFL AM Dave
bcp19
nibbknot

Who was nibbknot then?

Interesting.

[Quickseller]

nibbknot is someone who at least claimed to be Bruno Kucinskas - I can't imagine that Bruno actually worked for BFL though lol.

[Fernandez]

plus a complete copy of every thread in which anyone mentioned BFL

LOL.

This is pretty much the whole forum, right?

I expect so, and I pity the poor investigators who have to go through endless pages of trolling and crying and what not. Maybe after this case Theymos can hire them as mods

[dogie]

Which side requested it, do you know?

[redsn0w]

@theymos,

are you obliged to give them these 'data' or not?

Awesome. 

Use PGP if you want privacy.

You are right, I can't imagine someone read a pgp encrypted message and he doesn't know what the hell is write in that message (because he doesn't have the key for decrypt it ).

[BadBear]

@theymos,

are you obliged to give them these 'data' or not?

Awesome. 

Use PGP if you want privacy.

You are right, I can't imagine someone read a pgp encrypted message and he doesn't know what the hell is write in that message (because he doesn't have the key for decrypt it ).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

[Blazr]

Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

[Bicknellski]

@theymos,

are you obliged to give them these 'data' or not?

Awesome. 

Use PGP if you want privacy.

You are right, I can't imagine someone read a pgp encrypted message and he doesn't know what the hell is write in that message (because he doesn't have the key for decrypt it ).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

1. Bad form badbear shouldn't talk about Inaba behind his back.
2. The issue for the forum is going to be persistent given the loads of scams present. This won't be the last time you are going to get a subpoena. Might want to start collating all the other major scams you can. Good luck.

[redsn0w]

@theymos,

are you obliged to give them these 'data' or not?

Awesome. 

Use PGP if you want privacy.

You are right, I can't imagine someone read a pgp encrypted message and he doesn't know what the hell is write in that message (because he doesn't have the key for decrypt it ).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

The law is the law, maybe I should send all the sensitive messages but firstly encrypt them with my pgp private key. (I suppose) this forum is under the eyes of a lot of government (first the USA  ).

Thanks for the reply BadBear.

[QuestionAuthority]

@theymos,

are you obliged to give them these 'data' or not?

Awesome. 

Use PGP if you want privacy.

You are right, I can't imagine someone read a pgp encrypted message and he doesn't know what the hell is write in that message (because he doesn't have the key for decrypt it ).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

When the investigators read the BFL threads they'll probably think everyone here is nuts. They might want to lock up everyone involved as a public safety measure. lol

[theymos]

Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

This is pretty much the whole forum, right?

It was 2.3% of topics. (This still amounted to ~5 GB of text.)

[Blazr]

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

That is part of the point IMO. If someone "forgets" their password, they cannot be forced to provide it. Perhaps it should be an opt-in feature and it should be clear to the user that forgetting your password makes your PM's unrecoverable, which is both a feature and an issue.

If that is not desirable, one option would be to use a Bitcoin address to recover access. This could be done by encrypting the PM master key with a Bitcoin addresses public key, some clients like Electrum have a built-in feature that allows you to encrypt/decrypt messages (though I'm unsure how safe this really is, it's rarely a good idea to reuse a key for both signing and encryption), perhaps something similar could be done in JS.

[redsn0w]

@theymos,

are you obliged to give them these 'data' or not?

Awesome. 

Use PGP if you want privacy.

You are right, I can't imagine someone read a pgp encrypted message and he doesn't know what the hell is write in that message (because he doesn't have the key for decrypt it ).

Subpoena is a court order, so yes he has to respond (either consent or fight it in court) or he can be jailed.

And yes you should always use PGP or something else for sensitive communications.

I hope they enjoy reading my pm's to Inaba warning him to stop trolling and derailing threads, and him whining about someone else starting it.

When the investigators read the BFL threads they'll probably think everyone here is nuts. They might want to lock up everyone involved as a public safety measure. lol

Most probable yes .

Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

This is pretty much the whole forum, right?

It was 2.3% of topics. (This still amounted to ~5 GB of text.)

~5 gb of data, only for BFL . Can you upload the subpoeana here in the forum (as the other one, the silkroad subpoena?) thanks.