Bitcoin Forum
Author Topic: How Secure is BitcoinTalk?  (Read 309 times)
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3038
Merit: 3124


View Profile
May 16, 2018, 05:13:11 AM
 #21

> This is what I like about you. a true rebel.

This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1428
Merit: 1073


Hire BOUNTYPORTALS>Bounty management goo.gl/pSzJuA


View Profile WWW
May 16, 2018, 06:01:59 AM
 #22

> If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

This was actually done many years ago; many people viewed this person to be a scammer as a result. The forum currently uses an image proxy that makes this attack useless.

> Only administrators can see your IP address.

The members table has leaked at least once, and the forum has been hacked multiple times. Your registration IP address and your last recorded IP address as of when the members table leaked are more or less public information now. An unknown amount of additional information from the other hacks is potentially essentially public information as well.

> Long-term logs are currently kept indefinitely.

I would advise against this.

Over time, you will inevitably lose some of this information for a variety of reasons, and you can potentially be in legal trouble if you are unable to produce specific information you say you retain indefinitely, especially if you are close to the person.

I would suggest, as an alternative, to instead retain either the name of the person's ISP, geolocation data, or a truncated IP address (or a combination thereof) over the very long term. This is likely what you essentially will use for things like account recovery anyway, and in most instances a user's IP address will have changed after several months (and to a much greater extent, after multiple years) anyway.

Jet Cash
Hero Member
*****
Online Online

Activity: 896
Merit: 875


Satan's Slave


View Profile WWW
May 16, 2018, 07:11:18 AM
 #23

> If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

> Try it and see how many IPs you get...

I haven't looked into the programming required for this, as individual IPs are of no interest to me. View counts and referring URLs are about as far as I want to go.

shahzadafzal
Member
**
Offline Offline

Activity: 154
Merit: 82


View Profile WWW
May 16, 2018, 07:33:25 AM
Merited by malevolent (2)
 #24

> Try it and see how many IPs you get...

> I haven't looked into the programming required for this, as individual IPs are of no interest to me. View counts and referring URLs are about as far as I want to go.

Actually Theymos is pointing out that it's not possible anymore. bitcointalk is using an image proxy, which prevents any request being forwarded to the source directly from the client's browser.

If you haven't noticed, all [img] tags are replaced like this, so you will not get the IP address of the user, but all requests will be coming from bitcointalk's image proxy server.

Code:
https://ip.bitcointalk.org/?u={url}

I seriously think bitcointalk should enable image caching on the proxy server; currently it looks like caching is not enabled or used, which is why we don't see any image for a few [5+] seconds.

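The [img] rewriting described in the post above, as an added example that is not part of the thread and not the forum's own code. The proxy URL pattern is the one quoted in the post; the percent-encoding of `{url}`, the handling of non-HTTP sources and all function names are assumptions.

```python
import re
from urllib.parse import quote, urlsplit

# URL pattern quoted in the post; the percent-encoding of {url} is an assumption.
PROXY_PREFIX = "https://ip.bitcointalk.org/?u="
PROXY_HOST = "ip.bitcointalk.org"

IMG_TAG = re.compile(r"\[img([^\]]*)\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

# Constructed sample post: a third-party image, an already-proxied image,
# and a non-HTTP source that a proxy has no reason to fetch.
SAMPLE_POST = (
    "Chart: [img]http://tracker.example/pixel.gif?thread=1&u=2[/img] "
    "[IMG width=20]https://ip.bitcointalk.org/?u=https%3A%2F%2Fcdn.example%2Fa.png[/IMG] "
    "[img]data:image/gif;base64,AAAA[/img]"
)


def proxied(url):
    """Return the proxy URL for an image source, or None if it must not be embedded."""
    url = url.strip()
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:          # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() not in ("http", "https") or not host:
        return None
    if host.lower() == PROXY_HOST:
        return url              # already proxied: do not wrap twice
    # safe="" encodes '&', '=', '?' and '/' too, so the whole original URL stays
    # inside the single u= parameter instead of becoming extra query fields.
    return PROXY_PREFIX + quote(url, safe="")


def rewrite_post(bbcode):
    """Rewrite every [img] tag so the viewer's browser only contacts the proxy."""
    def repl(match):
        target = proxied(match.group(2))
        if target is None:
            return "[blocked image]"
        return f"[img{match.group(1)}]{target}[/img]"
    return IMG_TAG.sub(repl, bbcode)


def client_hosts(bbcode):
    """Hosts a viewer's browser would connect to (and reveal its IP to) for images."""
    hosts = set()
    for match in IMG_TAG.finditer(bbcode):
        try:
            host = urlsplit(match.group(2).strip()).hostname
        except ValueError:
            continue
        if host:
            hosts.add(host.lower())
    return hosts


if __name__ == "__main__":
    print("before:", sorted(client_hosts(SAMPLE_POST)))
    print("after: ", sorted(client_hosts(rewrite_post(SAMPLE_POST))))
```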
NavI_027
Full Member
***
Offline Offline

Activity: 294
Merit: 106



View Profile
May 16, 2018, 08:11:30 AM
 #25

First of all, I admire you for having the guts to continue engaging with crypto and also for not feeling discouraged at all despite the fact that it is banned in your country. At the same time, I'm a little bit worried about you because you may possibly be punished by the law if you are ever proven guilty.

I'm not a total geek about computer stuff, but what I can suggest to you is to use a VPN to hide your IP because that makes you anonymous every time you access the internet. I hope it helps.

Welsh
Legendary
*
Offline Offline

Activity: 1246
Merit: 1102



View Profile
May 16, 2018, 09:28:53 AM
 #26

> The members table has leaked at least once, and the forum has been hacked multiple times. Your registration IP address and your last recorded IP address as of when the members table leaked are more or less public information now. An unknown amount of additional information from the other hacks is potentially essentially public information as well.

I'm well aware that to be the case, but the OP registered well after the known database leak, which I believe was in mid-2015. This is also why I mentioned it's not much of a big deal, since most IPs would have changed by now, as you said here:

> a user's IP address will have changed after several months (and to a much greater extent, after multiple years) anyway.

> First of all, I admire you for having the guts to continue engaging with crypto and also for not feeling discouraged at all despite the fact that it is banned in your country. At the same time, I'm a little bit worried about you because you may possibly be punished by the law if you are ever proven guilty.
>
> I'm not a total geek about computer stuff, but what I can suggest to you is to use a VPN to hide your IP because that makes you anonymous every time you access the internet. I hope it helps.

This is also generally bad advice. Just because you are using a VPN doesn't mean you can trust those behind it, especially since, when confronted by a government authority, they may release the information without even putting up a fight.

No-log VPNs are good practice, but even these in the past have been caught keeping logs. Even if you use Tor Browser, there's speculation that a lot of the end nodes are actually NSA owned.


digaran
Hero Member
*****
Offline Offline

Activity: 812
Merit: 577


View Profile
May 16, 2018, 10:57:57 AM
 #27

> This is what I like about you. a true rebel.

> This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.

Would you ban my country's IP from accessing this forum if there is a court order? I'm not talking about crime-related bans, just pure access to information. If so, then how would you suggest to avoid this?

Not to mention that you supporting Bitcoin is equal to being a rebel where I come from.
Welsh
Legendary
*
Offline Offline

Activity: 1246
Merit: 1102



View Profile
May 16, 2018, 01:26:11 PM
 #28

> Would you ban my country's IP from accessing this forum if there is a court order? I'm not talking about crime-related bans, just pure access to information. If so, then how would you suggest to avoid this?

Even if the unlikely scenario happened, you could use a VPN/Tor browser to access the forum, and that's how you would avoid it. Even if theymos did receive a court order to restrict certain countries from accessing the forum, he would likely be able to argue that it's down to the users if they break the law in their jurisdiction, and therefore isn't down to him. Cour


Aveatrex
Sr. Member
****
Offline Offline

Activity: 336
Merit: 255


View Profile
May 16, 2018, 09:11:34 PM
 #29

> Your mental model should always be that the forum logs everything, especially since it is behind Cloudflare, which is almost certainly an NSA-backed operation. But here is some more detail. Currently there are four classes of IP logs:
> - Every time your session refreshes (about every 10 minutes while you are browsing the site), your current IP is momentarily logged. This is only kept until a new such entry replaces it, except that whenever the daily database backup happens, the current value will be captured and then possibly kept for a long time.
> - A tuple (time, userID, ip) is logged whenever you view a forum ad in order to produce ad stats. These are kept for only a few weeks, and are not backed up.
> - Every HTTP request creates an access log, but while these contain IPs, they do not contain user IDs, and so on the whole they probably cannot be provably associated with users. These are usually deleted after a few months, and are not backed up.
> - Certain actions trigger a long-term IP log. This includes posts (but not PMs), security-log entries, certain errors, and registration. Long-term logs are currently kept indefinitely.
>
> I don't like that IPs are sometimes kept indefinitely. To prevent abuse, it would probably be sufficient to keep them for ~6 months. But keeping these logs long-term is extremely useful for account recoveries. I've been thinking about this issue, and I think that in the future I might let users opt out of long-term IP logging if they have a public key registered in a (currently-not-existing) public-key-registration system. Though, again, even then you should model this site and all sites as keeping complete logs.
>
> Unless I am somehow required to do so by law (though I can't see how in this case), I will not assist police who are seeking to enforce any Bitcoin ban.

> If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

> Try it and see how many IPs you get...

> This is what I like about you. a true rebel.

> This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.

> Would you ban my country's IP from accessing this forum if there is a court order? I'm not talking about crime-related bans, just pure access to information. If so, then how would you suggest to avoid this?
>
> Not to mention that you supporting Bitcoin is equal to being a rebel where I come from.

- Thank you theymos for the clarification, I really appreciate that.
I also hope that you will implement the public-key-registration system in the near future, as I'm sure a lot of people living in countries banning crypto are also worried about the tracks they leave behind them. Please don't forget us. I'm a bit more reassured that at least not all actions leave a permanent IP record.

- Correct me if I'm wrong, but I don't think that Tor having nodes backed by the NSA would cause a lot of trouble to users, as a node can't directly link to your real IP unless all the nodes your Tor client picked are backed by the NSA.
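A sketch of the retention approach discussed in this thread (full IPs kept for about six months, then only a truncated address retained for account recovery), added here as an example; it is not the forum's code. The entry layout, the 180-day window, the /24 and /48 truncation widths and all function names are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumptions, not the forum's code: the entry layout, a 180-day window for
# "~6 months", and /24 (IPv4) and /48 (IPv6) as the truncation widths.
FULL_IP_WINDOW = timedelta(days=180)
PREFIX = {4: 24, 6: 48}

# Constructed long-term log entries (documentation address ranges only).
SAMPLE_LOG = [
    {"user": 101, "action": "register", "time": datetime(2017, 1, 3), "ip": "203.0.113.57"},
    {"user": 101, "action": "post", "time": datetime(2017, 6, 9), "ip": "::ffff:198.51.100.7"},
    {"user": 202, "action": "post", "time": datetime(2017, 9, 1), "ip": "2001:db8:abcd:12::1"},
    {"user": 202, "action": "post", "time": datetime(2018, 5, 20), "ip": "203.0.113.99"},
    {"user": 303, "action": "error", "time": datetime(2016, 2, 2), "ip": "not-an-ip"},
]


def _parse(ip_text):
    ip = ipaddress.ip_address(ip_text)
    # An IPv4-mapped IPv6 address carries a full IPv4 host; treat it as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def truncate_ip(ip_text):
    """Replace a host address with its enclosing network, e.g. 203.0.113.0/24."""
    ip = _parse(ip_text)
    return str(ipaddress.ip_network(f"{ip}/{PREFIX[ip.version]}", strict=False))


def age_out(entries, now):
    """Return copies of the entries with full IPs kept only inside the window."""
    result = []
    for entry in entries:
        entry = dict(entry)
        if now - entry["time"] > FULL_IP_WINDOW and "/" not in str(entry["ip"]):
            try:
                entry["ip"] = truncate_ip(entry["ip"])
            except ValueError:
                entry["ip"] = None   # unparseable: drop it rather than keep raw text
        result.append(entry)
    return result


def matches_history(stored, claimed_ip):
    """Account-recovery check: is the claimant's IP consistent with a stored value?"""
    if stored is None:
        return False
    if "/" not in stored:
        stored = str(_parse(stored))     # normalise a not-yet-truncated address
    return _parse(claimed_ip) in ipaddress.ip_network(stored)


if __name__ == "__main__":
    for row in age_out(SAMPLE_LOG, now=datetime(2018, 5, 24)):
        print(row["user"], row["action"], row["ip"])
```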

pugman
Legendary
*
Offline Offline

Activity: 1120
Merit: 1081


"ChipMixer: Best bitcoin mixing service"


View Profile WWW
May 16, 2018, 11:07:29 PM
 #30

> This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.

What exactly is a bitcoin ban? I am probably assuming the ban from this forum? Also do explain your last point.

mdayonliner
Full Member
***
Offline Offline

Activity: 182
Merit: 108


0.002BTC paying http://bit.ly/RTBounty


View Profile WWW
May 16, 2018, 11:29:26 PM
 #31

> If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

> Try it and see how many IPs you get...

What I understand from this is, it's not gonna work. So seems like we are safe.


Update:
Ok, seems like I have missed this from shahzadafzal.

> Actually Theymos is pointing out that it's not possible anymore. bitcointalk is using an image proxy, which prevents any request being forwarded to the source directly from the client's browser.
>
> If you haven't noticed, all [img] tags are replaced like this, so you will not get the IP address of the user, but all requests will be coming from bitcointalk's image proxy server.
>
> Code:
> https://ip.bitcointalk.org/?u={url}
>
> I seriously think bitcointalk should enable image caching on the proxy server; currently it looks like caching is not enabled or used, which is why we don't see any image for a few [5+] seconds.

Welsh
Legendary
*
Offline Offline

Activity: 1246
Merit: 1102



View Profile
May 17, 2018, 02:11:21 PM
 #32

> - Thank you theymos for the clarification, I really appreciate that.
> I also hope that you will implement the public-key-registration system in the near future, as I'm sure a lot of people living in countries banning crypto are also worried about the tracks they leave behind them. Please don't forget us. I'm a bit more reassured that at least not all actions leave a permanent IP record.
>
> - Correct me if I'm wrong, but I don't think that Tor having nodes backed by the NSA would cause a lot of trouble to users, as a node can't directly link to your real IP unless all the nodes your Tor client picked are backed by the NSA.

You would be correct.

The more end nodes you control in the network, the more likely you are to control all the nodes in a circuit. If the NSA or any entity, for instance, controlled all nodes within the circuit you are using, then they would be able to determine the IP that you use. This is why more nodes means more security, because it's more unlikely for one entity to control all the nodes. Although, with the spending power and resources of someone like the NSA, there are concerns from a select few.

This probably isn't too much of a concern for someone who's accessing a forum that they aren't supposed to, but it's quite well known that journalists use the Tor project to communicate with "whistleblowers" and the like, and you can imagine why the government would want to listen in to these. The motives are there, but I'm skeptical of how much of a problem it really is.

If you want extra protection, some people connect to Tor via a VPN. Then you have to trust that VPN provider.


vlom
Legendary
*
Offline Offline

Activity: 1022
Merit: 1045


The Movement — Freedom Organization


View Profile WWW
May 17, 2018, 07:40:54 PM
 #33

> If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

Is it really possible to place an image - even an invisible image - that works like the tracking things that are sent via e-mail? The images that services like mailchimp use.

Edit: sorry, I should have read the second page too before asking this question.

Aveatrex
Sr. Member
****
Offline Offline

Activity: 336
Merit: 255


View Profile
May 17, 2018, 08:35:56 PM
 #34

> This isn't a good example of me being a "rebel", since there's ~no legal risk in refusing to help police who don't have a court order, and there's even less risk when they're not even trying to enforce a law which exists in the forum's jurisdiction. Anyone in the US who would help foreign police with a Bitcoin ban is seriously misguided, at the very least.

> What exactly is a bitcoin ban? I am probably assuming the ban from this forum? Also do explain your last point.

A Bitcoin ban means (in my case) that holding/transacting Bitcoin is illegal and could be punishable by law (fines and penalties) if caught.

imstillthebest
Full Member
***
Offline Offline

Activity: 294
Merit: 105



View Profile
May 17, 2018, 11:35:24 PM
 #35

> If I put an image in a post in this thread, then I can get a list of the IPs of the people who have viewed the thread. Cross refer a few threads, and I can probably isolate your individual IP.

> Is it really possible to place an image - even an invisible image - that works like the tracking things that are sent via e-mail? The images that services like mailchimp use.
>
> Edit: sorry, I should have read the second page too before asking this question.

Yes, it is really possible to post images as long as your current rank allows it. Junior member and up is the ideal minimum rank that is able to do it.

I forgot, copper members who pay for membership are also another rank that is allowed images in their posts.

And about the IP address thing, I don't think any of us is concerned about it. An IP address isn't really accurate because some of us are using a VPN, or virtual private network, in order to browse the forum, so I think it is still pointless to trace the user.

Bitcointalk.org is now very secure because the forum has upgraded its security lately after the hacking occurred.
