Cryptos-Currencies.Com : First forum using Epochtalk

[lulucrypto]

Hello,

For the moment, Epochtalk is still very limited in terms of customization compared to SMF.

If you are really looking for customization I advise you to stay on SMF for the moment

[1714857126]

1714857126

[1714857126]

1714857126

[1714857126]

1714857126

[1714857126]

1714857126

[1714857126]

1714857126

[1714857126]

1714857126

[Carlton Banks]

@lulucrypto

How easy would it be to implement PGP authentication for joining Epochtalk based forums?

I understand the problems, PGP keys are free to create infinitely. But:

• New email addresses are basically free too, spammers etc always find a way to access unlimited new email addresses
• PGP keys can be proved to be from a known person, emails not always so well
• By staying with email based signup/login, we're rewarding the spammers/abusive, and punishing normal people who want anonymity for good reasons

[lulucrypto]

Hello,

That's a very good question.

I have never implemented this kind of system personally.

It would be best to have the answer someone who has already done this to have a correct answer.

[Carlton Banks]

that's reasonable

the issue I see is that one needs a different email for every account, or 1 email and put alot of trust into the email provider who knows exactly which websites one has accounts with. Using PGP for login/signup doesn't have that problem, and can still be used to verify identity if that's what the user wants.

after all, this is Bitcoin: don't trust, verify

[malevolent]

FIDO2/U2F authentication would be ideal, maybe using a Trezor.

Example: https://wiki.trezor.io/Two-factor_Authentication_with_U2F_(Google)

GPG is more cumbersome and inconvenient to use to an average person.

e: fixed broken link

[Carlton Banks]

FIDO2/U2F authentication would be ideal, maybe using a Trezor.

Example: https://wiki.trezor.io/Two-factor_Authentication_with_U2F_(Google)

GPG is more cumbersome and inconvenient to use to an average person.

totally disagree

• Trezor is $69
• Google Auth encourages people be lazy and use their phone to handle it, which kinda screws everyone's anonymity by default
• PGP is free, and has gui versions for those who don't like command lines

and whichever way you go with authenticating with user handled cryptography, weird text strings are always involved.

there's no good reason not to offer PGP, at least if you care about decentralisation and letting people have the most choices how they control their own life.

And PGP is a powerful ID system too, so if you want to get a decentralized "blue tick" you can forego anonymity and use PGP to do it, Trezor and Google Auth cannot do this, whereas PGP already has a network of people using it as ID

[stuffokator]

Hey,

I'm just curious, is this new forum software GDPR compliant? Are there any docs regarding personal data processing? What if the users decide to exercise their right to be forgotten as per Art. 17 GDPR. Is it easy to deal with such requests?

[Carlton Banks]

Hey,

I'm just curious, is this new forum software GDPR compliant? Are there any docs regarding personal data processing? What if the users decide to exercise their right to be forgotten as per Art. 17 GDPR. Is it easy to deal with such requests?

yes and no

yes, forum moderator can delete user posts/accounts.

no, forum moderators cannot prevent people saving public (or private) user posts/messages and then publishing those.


This is a fundamental aspect of dealing with publicly released data of any type or any platform. EpochTalk is subject to the exact same laws as any other platform in this regard: the laws of reality.

GDPR is not magic, if someone saves something you put online, you're relying on their goodwill not to re-publish that later if you reconsider it as a mistake. Best outcome is achieved by thinking very carefully before you put it online, because statutory legislation cannot protect you if someone re-publishing something attributed to you is sufficiently motivated to keeping that data publicly available.

If you do something interesting enough online, good or bad, it will last a long long time. And there's nothing anyone can do about it, it is equal measures of arrogance and ignorance to believe such a thing to be possible.

[AverageGlabella]

GDPR is not magic, if someone saves something you put online, you're relying on their goodwill not to re-publish that later if you reconsider it as a mistake. Best outcome is achieved by thinking very carefully before you put it online, because statutory legislation cannot protect you if someone re-publishing something attributed to you is sufficiently motivated to keeping that data publicly available.

If you do something interesting enough online, good or bad, it will last a long long time. And there's nothing anyone can do about it, it is equal measures of arrogance and ignorance to believe such a thing to be possible.

If you are worrying about someone using the data that you are posting  online then you should probably rethink whether you want to post it in the first place. If you are posting/sending personal data then it should always be encrypted anyway. Theymos has shown at least that hes only willing to release data that he has to because of the law but is not going to release data he thinks is irrelevant. I think in the past he has released information only on big cases such as the silkroad messages.

[malevolent]

If you are worrying about someone using the data that you are posting  online then you should probably rethink whether you want to post it in the first place. If you are posting/sending personal data then it should always be encrypted anyway. Theymos has shown at least that hes only willing to release data that he has to because of the law but is not going to release data he thinks is irrelevant. I think in the past he has released information only on big cases such as the silkroad messages.

If someone has been harmed and they report it to the police, that might be enough to convince theymos to release information that could benefit an investigation. For victimless crimes afaik theymos will only cooperate when legally bound to (e.g. a valid US court order).