Why do the mods need to know my email when I report a post?

[Decoded]

I was just reporting a post and just realised this one line - "Please note that your email address will be revealed to the moderators if you use this."

Why is this necessary? It's not like you NEED to see the email - You can just show the username. Is this for anti-spam purposes? I'm sure there's a better way for this, if so.

[minifrij]

This is a built in function to the version of SMF the forum uses. It was later removed, however since the forum hasn't updated it's software it is still present. I expect it was used for identification.
It could probably be manually changed by theymos, but it seems like a lot if effort for not much. For a temporary solution, use a throwaway e-mail for Bitcointalk.

[theymos]

How SMF 1.x handles reports is that it sends an email to all mods with jurisdiction over the reported post, with the email's from address set to your email. bitcointalk.org still does this, though I also added a reports queue, which is what most mods actually use.

[anonymoustroll420]

How SMF 1.x handles reports is that it sends an email to all mods with jurisdiction over the reported post, with the email's from address set to your email. bitcointalk.org still does this, though I also added a reports queue, which is what most mods actually use.

Thats bad because anyone who has access to a mods email account can dox anyone who reported a post under that mods jurisdiction. A hacker who wants to dox a user might try to hack a mods email address. Or lets say a government agency sent the forum a subpoena for the email address on file for a user and the forum decided to challenge it. The government agency could then send a subpoena to the mods email provider instead, who may not be so quick to challenge it.

I think most users agree this information is sensitive and should remain private to all non-admin staff. Can't you just change the from address to the forums email address?

[Lauda]

Thats bad because anyone who has access to a mods email account can dox anyone who reported a post under that mods jurisdiction.

How exactly could I DOX someone based on the email address used? Surely you are not using your personal email here? If you are, you should change it. Also this asumes that data is kept. I do not know about other moderators, but I clean these emails almost daily.

The government agency could then send a subpoena to the mods email provider instead, who may not be so quick to challenge it.

Not if you use an encrypted provider. How exactly would the government know that user X reported post Y under the 'jurisdiction' of moderator Z?

[Coin-Keeper]

Thats bad because anyone who has access to a mods email account can dox anyone who reported a post under that mods jurisdiction.

How exactly could I DOX someone based on the email address used? Surely you are not using your personal email here? If you are, you should change it. Also this asumes that data is kept. I do not know about other moderators, but I clean these emails almost daily.

The government agency could then send a subpoena to the mods email provider instead, who may not be so quick to challenge it.

Not if you use an encrypted provider. How exactly would the government know that user X reported post Y under the 'jurisdiction' of moderator Z?

Good points!!  Keeping a throw away email for here ONLY would make Gov intervention somewhat useless.  It would be an addy that dead ended for use here only.

[anonymoustroll420]

Wow, your points are so terrible I'm not even sure why I should bother replying, but I'll try.

How exactly could I DOX someone based on the email address used? Surely you are not using your personal email here? If you are, you should change it. Also this asumes that data is kept. I do not know about other moderators, but I clean these emails almost daily.

You securely erase your emails or you just press the delete button? Deleting emails doesn't destroy them, ask Hillary. Google and other large email providers routinely provide deleted emails when asked to. Deleting an email just hides it from you.

Do you not believe that the email address used on the account is sensitive information?

Even if it is a dedicated email address, it's still a security issue as knowing an account holders email address opens new avenues to hack accounts. Perhaps they used bad security practices on the account such as a weak password or security question, or perhaps they used a smaller email provider who has bad security practices. Or for example if the domain of the email address expired, someone could register it and use it to access the account. Also most email providers will provide the last IP's used to access it, information that bitcointalk doesn't give out.

Knowledge of the email account used poses significant privacy/security risks, if it didn't then why not just publicly display them.

Not if you use an encrypted provider.

You need to do some research on how email actually works. Encrypted email providers make great security theatre, they make uninformed people feel safe and cozy and give them a fuzzy feeling inside but they are so dangerous, because the email provider is the one doing the encryption. Bitcointalk doesn't encrypt emails. The email is sent from bitcointalk to the provider in plaintext (even if both providers use TLS as a transport email servers don't do trust-chain verification so are still MITM'able), and the encrypted email providers 'totally promise' to encrypt it for you, but you have no way to know if they actually do or if they didn't keep the plaintext. Encrypted email providers have been asked by the government to turn off encryption in the past, the email provider silentcircle had to shutdown because they were being forced to do this. Don't use an encrypted email provider, or if you do, know that they can read your emails.

How exactly would the government know that user X reported post Y under the 'jurisdiction' of moderator Z?

They may not even need to know that. A warrant requires probable cause, a subpoena only requires mere suspicion. Every judge has different rules on what suspicion is, but the bar is so low that basically nothing is required especially if the information is being held by a third party. They could subpoena every mod if they wanted to find out if the user reported a post.


Anyways, my main point is this. Do the mods need to know the email address of users who report posts? no. So then why not change it to the forums email address? It's not like this is a major change.

[Lauda]

You securely erase your emails or you just press the delete button? Deleting emails doesn't destroy them, ask Hillary. Google and other large email providers routinely provide deleted emails when asked to. Deleting an email just hides it from you.

Why would anyone use Google or similar providers for such? No, I'm not talking about those.

Do you not believe that the email address used on the account is sensitive information?

No. Even if you know my email address that is associated to this account it's just another dead end. If users do use personal email accounts or accounts with more activity then it could indeed be a problem.

-snip-
Don't use an encrypted email provider, or if you do, know that they can read your emails.

I was not talking about en-route encryption. That said, I definitely agree with your statement. Every encrypted email providers is working for the NSA and is reading every email.

They may not even need to know that. A warrant requires probable cause, a subpoena only requires mere suspicion. Every judge has different rules on what suspicion is, but the bar is so low that basically nothing is required especially if the information is being held by a third party. They could subpoena every mod if they wanted to find out if the user reported a post.

If they have access to your emails, then a subpoena would do the trick. How exactly is that different from sending a subpoena to Bitcointalk?

It's not like this is a major change.

It seems to not be trivial either.

[Lutpin]

Thats bad because anyone who has access to a mods email account can dox anyone who reported a post under that mods jurisdiction.

My forum email address is bitcointalk@lutp.in (which can also be seen publicly on my profile). Have fun.

I just tried that for my own email and got nothing. Did you just do a reverse search on whois?

It's the domain, not the address.

I don't know if this is your real infomation, but the WHOIS shows:
Registrant Name:Anthony Lucas

https://bitcointalk.org/index.php?topic=1413176.0

[cpfreeplz]

Thats bad because anyone who has access to a mods email account can dox anyone who reported a post under that mods jurisdiction.

My forum email address is bitcointalk@lutp.in (which can also be seen publicly on my profile). Have fun.

Omg. Lutpin Doxxed himself. The world is ending.


I don't see the point of it but at the same time when I did a report I thought, who cares? It's not my personal email anyways.

Thats bad because anyone who has access to a mods email account can dox anyone who reported a post under that mods jurisdiction.

My forum email address is bitcointalk@lutp.in (which can also be seen publicly on my profile). Have fun.

I don't know if this is your real infomation, but the WHOIS shows:

-snip-

Someone else may use their real information, or their whois protection may expire. On some registrars the whois protection expires before the domain does. Your registrar namecheap is one of those that does this. My point is it can be used to dox SOME people, mainly people who didn't use an anonymous email.

I just tried that for my own email and got nothing. Did you just do a reverse search on whois?

[Omegasun]

Thats bad because anyone who has access to a mods email account can dox anyone who reported a post under that mods jurisdiction.

My forum email address is bitcointalk@lutp.in (which can also be seen publicly on my profile). Have fun.

Omg. Lutpin Doxxed himself. The world is ending.


I don't see the point of it but at the same time when I did a report I thought, who cares? It's not my personal email anyways.

It is just an email. What is wrong if anyone doxxed a report? Or else they are afraid to get revenge by the one who reported. 

[anonymoustroll420]

Why would anyone use Google or similar providers for such? No, I'm not talking about those.

I believe BadBear used gmail. In any case, does protonmail securely erase emails? they never stated anywhere that they do, nor do you have anyway of knowing if they do or not. Only their front-end is open source, none of their backend is, so we have absolutely no idea what the delete button actually does.

I was not talking about en-route encryption. That said, I definitely agree with your statement. Every encrypted email providers is working for the NSA and is reading every email.

My statement referred to both encryption in transit and encryption at rest. It's quite simple, Protonmail can read your emails if they want to, even though they say that they can't. There is very little benefit of an encrypted email provider. The best way is for the sender to encrypt the email with the receivers key. Any encryption done by the provider themselves is security theatre.

No. Even if you know my email address that is associated to this account it's just another dead end. If users do use personal email accounts or accounts with more activity then it could indeed be a problem.

There's the problem.

then a subpoena would do the trick. How exactly is that different from sending a subpoena to Bitcointalk?

When you receive a subpoena, you have two options, comply or fight it. Bitcointalk may decide to fight a subpoena that they believe is illegal in some way, perhaps a subpoena that requests every users email address or something similar, and rather than deal with that, the government agency could bypass that altogether by subpoena'ing some email provider who will comply immediately.

It seems to not be trivial either.

In order to change this in smf 1.19 all that is needed is to edit the file Sources\SendTopic.php and change the following :

      // Send it to the moderator.
      sendmail($row['emailAddress'], $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName,
         sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . (empty($ID_MEMBER) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName) . ' ' . $txt['rtm_email3'] . ":\n\n" .
         $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'] . "\n\n" .
         $txt['rtm_email_comment'] . ":\n" .
         $_POST['comment'] . "\n\n" .
         $txt[130], $user_info['email']);

to:

      // Send it to the moderator.
      sendmail($row['emailAddress'], $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName,
         sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . (empty($ID_MEMBER) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName) . ' ' . $txt['rtm_email3'] . ":\n\n" .
         $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'] . "\n\n" .
         $txt['rtm_email_comment'] . ":\n" .
         $_POST['comment'] . "\n\n" .
         $txt[130], "noreply@bitcointalk.org";

Now I know that the forums software is heavily modified, I don't see how it could be modified in a way that would change this procedure, however another way to do it without having to change the forum software at all is to change the forums email server to filter out that header. IIRC this can be done with postfix. I personally think theymos is just lazy.

[shorena]

Why would anyone use Google or similar providers for such? No, I'm not talking about those.

I believe BadBear used gmail.

They use yahoo. I use gmail for this forum. Does not really matter though, does it?

In any case, does protonmail securely erase emails? they never stated anywhere that they do, nor do you have anyway of knowing if they do or not. Only their front-end is open source, none of their backend is, so we have absolutely no idea what the delete button actually does.

I was not talking about en-route encryption. That said, I definitely agree with your statement. Every encrypted email providers is working for the NSA and is reading every email.

My statement referred to both encryption in transit and encryption at rest. It's quite simple, Protonmail can read your emails if they want to, even though they say that they can't. There is very little benefit of an encrypted email provider. The best way is for the sender to encrypt the email with the receivers key. Any encryption done by the provider themselves is security theatre.

No. Even if you know my email address that is associated to this account it's just another dead end. If users do use personal email accounts or accounts with more activity then it could indeed be a problem.

There's the problem.

then a subpoena would do the trick. How exactly is that different from sending a subpoena to Bitcointalk?

When you receive a subpoena, you have two options, comply or fight it. Bitcointalk may decide to fight a subpoena that they believe is illegal in some way, perhaps a subpoena that requests every users email address or something similar, and rather than deal with that, the government agency could bypass that altogether by subpoena'ing some email provider who will comply immediately.

This all does not really matter either. Yes, the problem can be mitigated by user behaviour, e.g. by using a specific mail for this board only or a fake one like username@bitcointalk.org, but its still unneeded exposure of information. Not everyone may be aware and I agree with our pot smoking anon troll

It seems to not be trivial either.

In order to change this in smf 1.19 all that is needed is to edit the file Sources\SendTopic.php and change the following :

      // Send it to the moderator.
      sendmail($row['emailAddress'], $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName,
         sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . (empty($ID_MEMBER) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName) . ' ' . $txt['rtm_email3'] . ":\n\n" .
         $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'] . "\n\n" .
         $txt['rtm_email_comment'] . ":\n" .
         $_POST['comment'] . "\n\n" .
         $txt[130], $user_info['email']);

to:

      // Send it to the moderator.
      sendmail($row['emailAddress'], $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName,
         sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . (empty($ID_MEMBER) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName) . ' ' . $txt['rtm_email3'] . ":\n\n" .
         $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'] . "\n\n" .
         $txt['rtm_email_comment'] . ":\n" .
         $_POST['comment'] . "\n\n" .
         $txt[130], "noreply@bitcointalk.org";

Now I know that the forums software is heavily modified, I don't see how it could be modified in a way that would change this procedure, however another way to do it without having to change the forum software at all is to change the forums email server to filter out that header. IIRC this can be done with postfix. I personally think theymos is just lazy.

or maybe noone demanded it loud enough yet. I dont really care why it wasnt done until now, Id like to see it changed.

Edit: missing word.

[Lauda]

Bitcointalk may decide to fight a subpoena that they believe is illegal in some way, perhaps a subpoena that requests every users email address or something similar, and rather than deal with that, the government agency could bypass that altogether by subpoena'ing some email provider who will comply immediately.

The second part is an assumption in addition to a generalization which may or may not be true. Anyhow, it seems that you've done your fair amount of research regarding the change required to stop this from happening. Let's see whether theymos wants to remove it sometime soon.

In order to change this in smf 1.19 all that is needed is to edit the file Sources\SendTopic.php and change the following :
-snip-