BFL subpoena

[Quickseller]

Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

I don't see a reason why the forum would need to automatically decrypt your PM's for you. If you were to have everyone give a public key to the forum to have your PM's automatically encrypted to, then decrypting a PM would only be a matter of using your PGP client to decrypt the message manually for you which really would not take that much effort. This would let people determine how much security their PGP private keys have.

[Blazr]

Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

I don't see a reason why the forum would need to automatically decrypt your PM's for you. If you were to have everyone give a public key to the forum to have your PM's automatically encrypted to, then decrypting a PM would only be a matter of using your PGP client to decrypt the message manually for you which really would not take that much effort. This would let people determine how much security their PGP private keys have.

We're not talking about using PGP or any third party software at all. We're talking about doing this via javascript, so everything happens in the browser, and the user doesn't even need to know it's happening. PM's will function just like they do now except you'll need to enter a password to read your PM's, the password and plaintext PM's are never sent to the server and all encryption/decryption is done in-browser, similar to blockchain.info/wallet. This is SIGNIFICANTLY less safe than PGP, you need to trust theymos doesn't mess with the JS (unless you store it locally, perhaps we could use an optional browser add-on that does that in order to mitigate this risk), but it's probably sufficient to mitigate really invasive subpoena's etc.

[Quickseller]

Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.

I don't see a reason why the forum would need to automatically decrypt your PM's for you. If you were to have everyone give a public key to the forum to have your PM's automatically encrypted to, then decrypting a PM would only be a matter of using your PGP client to decrypt the message manually for you which really would not take that much effort. This would let people determine how much security their PGP private keys have.

We're not talking about using PGP or any third party software at all. We're talking about doing this via javascript, so everything happens in the browser, and the user doesn't even need to know it's happening. PM's will function just like they do now except you'll need to enter a password to read your PM's, the password and plaintext PM's are never sent to the server and all encryption/decryption is done in-browser, similar to blockchain.info/wallet. This is SIGNIFICANTLY less safe than PGP, but it's probably sufficient to mitigate really invasive subpoena's etc.

Well to avoid the problem of people potentially forgetting their password to decrypt their PM's the forum could automatically encrypt PM's sent to someone using javascript, users would then store the private key locally, outside of their browser in order to decrypt the message. If PGP is used, and the user is using GPGTools as their PGP client, and their private key is stored locally, then decrypting it would be as arbitrary as highlighting text and making two clicks (and entering your passphrase).

In theory, the javascript could be modified so that whenever someone enters their password to decrypt a PM that the password is transmitted to either the forum or a third party attacker which would essentially allow them to decrypt any PM for that user.

[r3wt]

Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.

I think we should consider adding this to the new forum software.

The new forum software should be an open source project. i'm sure there are hundreds of good web dev's here who would be thrilled to participate.(If going the way you suggest).

[BadBear]

It is open source.

[Blazr]

Well to avoid the problem of people potentially forgetting their password to decrypt their PM's the forum could automatically encrypt PM's sent to someone using javascript, users would then store the private key locally, outside of their browser in order to decrypt the message. If PGP is used, and the user is using GPGTools as their PGP client, and their private key is stored locally, then decrypting it would be as arbitrary as highlighting text and making two clicks (and entering your passphrase).

In theory, the javascript could be modified so that whenever someone enters their password to decrypt a PM that the password is transmitted to either the forum or a third party attacker which would essentially allow them to decrypt any PM for that user.

I think the PM encryption system shouldn't be dependant on any software other than a standard web browser as a lot of users won't install the third party tools and thus a lot of users won't turn on PM encryption. The idea is this system will be used for most messages as an extra layer of security, anything private should be encrypted with PGP or something similar, if most people don't turn it on it is completely useless.

I disagree with theymos and actually think that forgetting your password is a feature. Anyway in your case losing your private key is the same as forgetting your password, and if you use default GnuPG settings and encrypt your private key, should you forget the passphrase for that you'll still lose your private key and as a result, your PM's. Users who fear they may lose their PM's due to forgetting a password should backup their PM's.

You are right that the JS can be modified, I mentioned above one solution is to copy blockchain.info's solution which was to use a browser addon to verify the JS. Users worried about the JS being modified can install the addon, however it should be optional.

[r3wt]

It is open source.

publicly viewable?

[Blazr]

It is open source.

publicly viewable?

http://github.com/epochtalk

[r3wt]

It is open source.

publicly viewable?

http://github.com/epochtalk

thanks

[Quickseller]

Well to avoid the problem of people potentially forgetting their password to decrypt their PM's the forum could automatically encrypt PM's sent to someone using javascript, users would then store the private key locally, outside of their browser in order to decrypt the message. If PGP is used, and the user is using GPGTools as their PGP client, and their private key is stored locally, then decrypting it would be as arbitrary as highlighting text and making two clicks (and entering your passphrase).

In theory, the javascript could be modified so that whenever someone enters their password to decrypt a PM that the password is transmitted to either the forum or a third party attacker which would essentially allow them to decrypt any PM for that user.

I think the PM encryption system shouldn't be dependant on any software other than a standard web browser as a lot of users won't install the third party tools and thus a lot of users won't turn on PM encryption. The idea is this system will be used for most messages as an extra layer of security, anything private should be encrypted with PGP or something similar, if most people don't turn it on it is completely useless.

I disagree with theymos and actually think that forgetting your password is a feature. Anyway in your case losing your private key is the same as forgetting your password, and if you use default GnuPG settings and encrypt your private key, should you forget the passphrase for that you'll still lose your private key and as a result, your PM's. Users who fear they may lose their PM's due to forgetting a password should backup their PM's.

You are right that the JS can be modified, I mentioned above one solution is to copy blockchain.info's solution which was to use a browser addon to verify the JS. Users worried about the JS being modified can install the addon, however it should be optional.

Well with blockchain.info/wallet if your password is compromised then you can simply move your funds to another address that is not compromised (hell you can create a new bc.i wallet with a better password). With having a private key that is decrypted in the browser if your password is compromised and the password protected private key is stored by the forum (I think it would have to be) then it would not be possible to protect the privacy of your PM's. If the passphrase to my PGP private key is compromised (but not the private key itself) then I can simply change the passphrase to my PGP private key (I think this is possible- you could have it temporarily in decrypted format then re-encrypt it with a new passphrase (then obviously securely delete all old copies of your PGP private key).

Having the forum automatically encrypt your PM's to the recipients' PGP public key allows the person receiving the message to choose their own level of security. You are right that less people will use it if it is dependent on any third party software, however the forum can only hold people's hands so much when it comes to security/privacy.

One thing that I could suggest (that I am sure will not be implemented - at least not for this forum) is that the forum could try to detect if PGP is being used and if not, it will not let you send the PM. Another option is to try to detect if PGP is being used and if not then giving a warning that their communication is not secure and that others may be able to see it in the future

[Blazr]

Well with blockchain.info/wallet if your password is compromised then you can simply move your funds to another address that is not compromised (hell you can create a new bc.i wallet with a better password). With having a private key that is decrypted in the browser if your password is compromised and the password protected private key is stored by the forum (I think it would have to be) then it would not be possible to protect the privacy of your PM's.

If your password is compromised, it is possible to change it. One way of doing this is to generate a random master key, which is actually the key that decrypts the PM's, and encrypt the master key with a password. So how it works is you open your Inbox, bitcointalk sends your browser your encrypted master key and encrypted PM's, you type in your password, your master key is decrypted using the password and then the PM's are decrypted using the master key. If your password is compromised you can change it, all you need to do is re-encrypt the master key with the new password, however should you ever forget the current password your PM's are gone unless you have another way of recovering your unencrypted master key. This is similar to how it works with PGP.

If the passphrase to my PGP private key is compromised (but not the private key itself) then I can simply change the passphrase to my PGP private key (I think this is possible- you could have it temporarily in decrypted format then re-encrypt it with a new passphrase (then obviously securely delete all old copies of your PGP private key).

My opinion is that PGP should really only be used for private information. Automatically PGP encrypting PM's is not a good idea, you should really only PGP encrypt PM's that actual private information. The reason for this is that if the receipient's PC is ever compromised, if they are unlocking their private key everyday to read their PM's then the malware can easily keylog them, however if they are only unlocking their PGP once every month or two to decrypt private information, there is a greater chance that the recipient will discover the keylogger before they unlock the private key. This is particularly bad because People also use their PGP keys for other purposes too like signing code, and it's generally not a good idea to have multiple PGP keys (unless you have multiple identities) as it can cause confusion, normally you should limit it to 1 key per identity.

Having the forum automatically encrypt your PM's to the recipients' PGP public key allows the person receiving the message to choose their own level of security. You are right that less people will use it if it is dependent on any third party software, however the forum can only hold people's hands so much when it comes to security/privacy.

like I said automatically PGP encrypting PM's isn't the best idea. We should only use the PGP keys for really important stuff.

[Quickseller]

Well with blockchain.info/wallet if your password is compromised then you can simply move your funds to another address that is not compromised (hell you can create a new bc.i wallet with a better password). With having a private key that is decrypted in the browser if your password is compromised and the password protected private key is stored by the forum (I think it would have to be) then it would not be possible to protect the privacy of your PM's.

If your password is compromised, it is possible to change it. One way of doing this is to generate a random master key, which is actually the key that decrypts the PM's, and encrypt the master key with a password. So how it works is you open your Inbox, bitcointalk sends your browser your encrypted master key and encrypted PM's, you type in your password, your master key is decrypted using the password and then the PM's are decrypted using the master key. If your password is compromised you can change it, all you need to do is re-encrypt the master key with the new password, however should you ever forget the current password your PM's are gone unless you have another way of recovering your unencrypted master key. This is similar to how it works with PGP.

You would need to trust the forum enough to delete the version of your master key with your old password when you change your password. If the forum's servers are ever compromised then an attacker could download the master key's with their current password. Another possibility would be that theymos could be compelled to keep copies of old versions of the master keys by the government so the effect of changing your password would be that either password would work to decrypt your PM's

If the passphrase to my PGP private key is compromised (but not the private key itself) then I can simply change the passphrase to my PGP private key (I think this is possible- you could have it temporarily in decrypted format then re-encrypt it with a new passphrase (then obviously securely delete all old copies of your PGP private key).

My opinion is that PGP should really only be used of private information. Automatically PGP encrypting PM's is not a good idea, you should really only PGP encrypt PM's that actual private information. The reason for this is that if the receipient's PC is ever compromised, if they are unlocking their private key everyday to read their PM's then the malware can easily keylog them, however if they are only unlocking their PGP once every month or two to decrypt private information, there is a greater chance that the recipient will discover the keylogger before they unlock the private key.

Well if something is sent via PM then they are by default trying to achieve at least a small amount of privacy above posting publicly. This would be somewhat of a pain however you could store your PGP key on an offline computer and transfer any encrypted messages to your offline computer anytime you receive a PM. Another option would be to designate different keys as being for different levels of sensitivity and people who cannot respect that will not have their PM's read.

If you reserve PGP use for only sensitive information then an attacker would only need to look to people who have sent/received PGP encrypted messages in the past to look for potentially sensitive information that could be of value.

It is probably not very secure to have the forum encrypt messages for you as if it is compromised then it could also encrypt it to a third key who you did not intend it to be encrypted to.  

People also use their PGP keys for other purposes too like signing code, and this puts their key at more risk.

Any code signing key should be kept offline and should be separate from your other PGP keys. I don't think someone should even try to decrypt something encrypted to their code signing key as if a code signing key is compromised then malware could easily be spread very quickly and very far.

[RocketSingh]

I recently received a subpoena related to a case against BFL (Case No. 14-CV-2159-KHV-JPO). I had to release all database info on a few employees/ex-employees of BFL (including their PMs), plus a complete copy of every thread in which anyone mentioned BFL or in which a BFL employee participated. (It was a huge hassle to put all of this info together.) The subpoena originally demanded all PMs that even mentioned BFL, which is ridiculous, but I managed to get this part eliminated.

If a PM of yours was released due to this, then I already sent you a PM about it.

I don't think that I'm going to send PMs about deleted posts that were released. 3196 users had deleted posts released, and I don't really want to send that many PMs when almost no one would care. I feel like people should have basically no expectation of privacy for something that they posted publicly anyway.

I also released all "report to moderator" reports involving or mentioning BFL. I don't think that these are very sensitive, so I'm not going to send out PMs about these.

I wonder how do they send you Subpoena ? Does not it require to have your physical address ? But, do they have it ? What would they have done if BitcoinTalk owner were not located in USA ? Sending Subpoena to forum admins appear ridiculous to me. Conversations are all open in public. They can directly collect their info from there. And how would they verify whether you are sending them correct PMs or not ? How can this become an evidence in a judicial process ?

[Quickseller]

I recently received a subpoena related to a case against BFL (Case No. 14-CV-2159-KHV-JPO). I had to release all database info on a few employees/ex-employees of BFL (including their PMs), plus a complete copy of every thread in which anyone mentioned BFL or in which a BFL employee participated. (It was a huge hassle to put all of this info together.) The subpoena originally demanded all PMs that even mentioned BFL, which is ridiculous, but I managed to get this part eliminated.

If a PM of yours was released due to this, then I already sent you a PM about it.

I don't think that I'm going to send PMs about deleted posts that were released. 3196 users had deleted posts released, and I don't really want to send that many PMs when almost no one would care. I feel like people should have basically no expectation of privacy for something that they posted publicly anyway.

I also released all "report to moderator" reports involving or mentioning BFL. I don't think that these are very sensitive, so I'm not going to send out PMs about these.

I wonder how do they send you Subpoena ? Does not it require to have your physical address ? But, do they have it ? What would they have done if BitcoinTalk owner were not located in USA ? Sending Subpoena to forum admins appear ridiculous to me. Conversations are all open in public. They can directly collect their info from there. And how would they verify whether you are sending them correct PMs or not ? How can this become an evidence in a judicial process ?

They mostly needed official business records from theymos not what can be accessed publicly. Also they needed a lot of PM's as well as deleted posts.

They most likely emailed him the subpoena, at least that is how they served him the DPR subpoena

[CanaryInTheMine]

I recently received a subpoena related to a case against BFL (Case No. 14-CV-2159-KHV-JPO). I had to release all database info on a few employees/ex-employees of BFL (including their PMs), plus a complete copy of every thread in which anyone mentioned BFL or in which a BFL employee participated. (It was a huge hassle to put all of this info together.) The subpoena originally demanded all PMs that even mentioned BFL, which is ridiculous, but I managed to get this part eliminated.

If a PM of yours was released due to this, then I already sent you a PM about it.

I don't think that I'm going to send PMs about deleted posts that were released. 3196 users had deleted posts released, and I don't really want to send that many PMs when almost no one would care. I feel like people should have basically no expectation of privacy for something that they posted publicly anyway.

I also released all "report to moderator" reports involving or mentioning BFL. I don't think that these are very sensitive, so I'm not going to send out PMs about these.

I wonder how do they send you Subpoena ? Does not it require to have your physical address ? But, do they have it ? What would they have done if BitcoinTalk owner were not located in USA ? Sending Subpoena to forum admins appear ridiculous to me. Conversations are all open in public. They can directly collect their info from there. And how would they verify whether you are sending them correct PMs or not ? How can this become an evidence in a judicial process ?

just an email would work.  same happened in DPR case.

[QuestionAuthority]

I recently received a subpoena related to a case against BFL (Case No. 14-CV-2159-KHV-JPO). I had to release all database info on a few employees/ex-employees of BFL (including their PMs), plus a complete copy of every thread in which anyone mentioned BFL or in which a BFL employee participated. (It was a huge hassle to put all of this info together.) The subpoena originally demanded all PMs that even mentioned BFL, which is ridiculous, but I managed to get this part eliminated.

If a PM of yours was released due to this, then I already sent you a PM about it.

I don't think that I'm going to send PMs about deleted posts that were released. 3196 users had deleted posts released, and I don't really want to send that many PMs when almost no one would care. I feel like people should have basically no expectation of privacy for something that they posted publicly anyway.

I also released all "report to moderator" reports involving or mentioning BFL. I don't think that these are very sensitive, so I'm not going to send out PMs about these.

I wonder how do they send you Subpoena ? Does not it require to have your physical address ? But, do they have it ? What would they have done if BitcoinTalk owner were not located in USA ? Sending Subpoena to forum admins appear ridiculous to me. Conversations are all open in public. They can directly collect their info from there. And how would they verify whether you are sending them correct PMs or not ? How can this become an evidence in a judicial process ?

They mostly needed official business records from theymos not what can be accessed publicly. Also they needed a lot of PM's as well as deleted posts.

They most likely emailed him the subpoena, at least that is how they served him the DPR subpoena

It doesn't stop at the subpoena. I had to go to court for an employer as the custodian of records. I was required to sign an affidavit certifying the records I presented were true and correct and testify to that in open court. I hope theymos has some free time blocked out in the future. If they use those records to support their case he'll need it.

[Quickseller]

I recently received a subpoena related to a case against BFL (Case No. 14-CV-2159-KHV-JPO). I had to release all database info on a few employees/ex-employees of BFL (including their PMs), plus a complete copy of every thread in which anyone mentioned BFL or in which a BFL employee participated. (It was a huge hassle to put all of this info together.) The subpoena originally demanded all PMs that even mentioned BFL, which is ridiculous, but I managed to get this part eliminated.

If a PM of yours was released due to this, then I already sent you a PM about it.

I don't think that I'm going to send PMs about deleted posts that were released. 3196 users had deleted posts released, and I don't really want to send that many PMs when almost no one would care. I feel like people should have basically no expectation of privacy for something that they posted publicly anyway.

I also released all "report to moderator" reports involving or mentioning BFL. I don't think that these are very sensitive, so I'm not going to send out PMs about these.

I wonder how do they send you Subpoena ? Does not it require to have your physical address ? But, do they have it ? What would they have done if BitcoinTalk owner were not located in USA ? Sending Subpoena to forum admins appear ridiculous to me. Conversations are all open in public. They can directly collect their info from there. And how would they verify whether you are sending them correct PMs or not ? How can this become an evidence in a judicial process ?

They mostly needed official business records from theymos not what can be accessed publicly. Also they needed a lot of PM's as well as deleted posts.

They most likely emailed him the subpoena, at least that is how they served him the DPR subpoena

It doesn't stop at the subpoena. I had to go to court for an employer as the custodian of records. I was required to sign an affidavit certifying the records I presented were true and correct and testify to that in open court. I hope theymos has some free time blocked out in the future. If they use those records to support their case he'll need it.

IIRC the DPR subpoena required theymos to appear in court, however it gave him the option to sign a affidavit saying essentially that the records he provided were true and correct copies of the business records; I don't think there would be any reason why it would be different in this case.

If either party wanted to dispute the completeness of what was provided or wanted to dispute anything that was provided was actually a true and correct copy of the forum's records then he would need to testify (or if either party wanted to otherwise dispute what was provided). I would say there is a pretty good chance that theymos won't need to personally appear, or if he does it will most likely only be for a disposition. I would say the BFL case(s) will most likely get settled out of court (and plea agreements will be reached for criminal cases)

[QuestionAuthority]

I recently received a subpoena related to a case against BFL (Case No. 14-CV-2159-KHV-JPO). I had to release all database info on a few employees/ex-employees of BFL (including their PMs), plus a complete copy of every thread in which anyone mentioned BFL or in which a BFL employee participated. (It was a huge hassle to put all of this info together.) The subpoena originally demanded all PMs that even mentioned BFL, which is ridiculous, but I managed to get this part eliminated.

If a PM of yours was released due to this, then I already sent you a PM about it.

I don't think that I'm going to send PMs about deleted posts that were released. 3196 users had deleted posts released, and I don't really want to send that many PMs when almost no one would care. I feel like people should have basically no expectation of privacy for something that they posted publicly anyway.

I also released all "report to moderator" reports involving or mentioning BFL. I don't think that these are very sensitive, so I'm not going to send out PMs about these.

I wonder how do they send you Subpoena ? Does not it require to have your physical address ? But, do they have it ? What would they have done if BitcoinTalk owner were not located in USA ? Sending Subpoena to forum admins appear ridiculous to me. Conversations are all open in public. They can directly collect their info from there. And how would they verify whether you are sending them correct PMs or not ? How can this become an evidence in a judicial process ?

They mostly needed official business records from theymos not what can be accessed publicly. Also they needed a lot of PM's as well as deleted posts.

They most likely emailed him the subpoena, at least that is how they served him the DPR subpoena

It doesn't stop at the subpoena. I had to go to court for an employer as the custodian of records. I was required to sign an affidavit certifying the records I presented were true and correct and testify to that in open court. I hope theymos has some free time blocked out in the future. If they use those records to support their case he'll need it.

IIRC the DPR subpoena required theymos to appear in court, however it gave him the option to sign a affidavit saying essentially that the records he provided were true and correct copies of the business records; I don't think there would be any reason why it would be different in this case.

If either party wanted to dispute the completeness of what was provided or wanted to dispute anything that was provided was actually a true and correct copy of the forum's records then he would need to testify (or if either party wanted to otherwise dispute what was provided). I would say there is a pretty good chance that theymos won't need to personally appear, or if he does it will most likely only be for a disposition. I would say the BFL case(s) will most likely get settled out of court (and plea agreements will be reached for criminal cases)

 Yeah, that's what I kept telling myself right up to the day of my appearance in court. lol

[VenusFlyTrap]

I wonder when they will be requesting info on bcp19's alts. He's posted under:

Pokokohua!
badgerkiller
bcpokey
DaBitcoinGuy

Maybe a couple others I can't remember, but the guy just totally lost his mind (probably because of the subpoena) and revealed his latest alt account. Meh, par for the course when BFL is involved.

[dogie]

I wonder when they will be requesting info on bcp19's alts. He's posted under:

Pokokohua!
badgerkiller
bcpokey
DaBitcoinGuy

Maybe a couple others I can't remember, but the guy just totally lost his mind (probably because of the subpoena) and revealed his latest alt account. Meh, par for the course when BFL is involved.

Not in the mood for searching through 200 pages of PMs, but I believe an admin confirmed to me there wasn't any obvious connection between Josh and Pokokohua!. Do you know something different?