"PM privacy is not guaranteed. Encrypt sensitive messages. "

[Andrew Bitcoiner]

Can the mods elaborate on this policy and in what contexts admins may read private messages?

[1714105982]

1714105982

[Stephen Gornick]

Can the mods elaborate on this policy and in what contexts admins may read private messages?

This was touched on here:

Deleted posts are almost never removed from the database. A PM is removed from the database if the sender and all recipients delete it.

Full database backups are created daily, and all global moderators and admins can download the (encrypted) backups and implement their own rotation policies.

they can download the backup to have it at multiple locations, but it's useless for them because they don't have the decryption key

This.

Only me, Gavin, Satoshi, and Sirius can decrypt it.

Global moderators can download the encrypted database backups. Admins and past admins (Gavin, Satoshi, Sirius, me, and now justmoon) can decrypt them -- they therefore have complete access to the database and can read PMs, etc. Justmoon and I can also query the live database.

Ah, so you're already reading the pms.  Good to know.  Who else are you snooping through?

I only scanned through them to make sure that the SQL query (to archive them) worked as I intended. The PGP message blocks stood out.

I only read others' PMs without their permission during scam investigations, and I've only read a user's entire inbox a few times.

That thread, starting from this quote tells more on the topic:

You are going to make PMs public or give it to the police?

I will give them to the police if the police ask for them. Otherwise, I may post them publicly to help people find Pirate and obtain justice.

Pirates are hostis humani generis. I'm not going to preserve the privacy of someone who stole 500,000 BTC.

 - http://bitcointalk.org/index.php?topic=104261.msg1145182#msg1145182



Since that time was an addition:

Stefan Thomas (justmoon) is now a forum administrator. He can therefore access the database directly and see IP addresses, etc.

And apparently one subtraction:

How many admins do we have on bitcointalk now?

Two. Gavin recently decided to stop being an admin.

The cautionary statement added to the bottom when you send a PM was requested here:

Legality aside, decency would suggest you should put a notice on the "private message" page stating that the messages are not private and may be read by moderators.

They're "personal messages", not "private messages".

I think it's obvious that the administrators of a site will check PMs when necessary, but I added a note to the page.

[Edited: Added some additional references]

[Raize]

SMF stores PMs in a string on a database. There are ways to retrieve this information and there has to be for you to even read them. While Theymos and others are correct in saying that any admin can read a PM, there's more to it than that: so can whoever is hosting the machine providing the forums, technically.

I don't think this is reason to not use the PM system, but I wouldn't use it for anything you really truly wanted to remain strictly between you and the person you've PM'd.