Bitcoin Forum
July 07, 2025, 12:21:42 PM *
News: Latest Bitcoin Core release: 29.0 [Torrent]
 
   Home   Help Search Login Register More  
About privacy

It's possible to use bitcointalk.org without submitting any personal info. Use Tor + a throwaway email + a new pseudonym, etc. If you care about preventing personal information from being collected on bitcointalk.org, then preventing this collection is your responsibility.

Normal practices

This section describes our normal practices. A later section will describe exceptional variations.

Sharing

We never sell non-public user information to anyone.

In order to operate the site, the following data sharing occurs:

First, our moderators, administrators, system administrators, software developers, and others who perform services for us each have access to a different subset of user account data in order to perform their work. As a general principle, access is provided on a "need-to-know" basis.

Second, our tech-related service providers necessarily have access to user data, and could collect/store data beyond what bitcointalk.org itself does. Example service providers may or may not include, and are not limited to: Amazon Web Services, Google Cloud, Google ReCAPTCHA, hCaptcha, Cloudflare, and DigitalOcean. We do not use any third-party tracking technology such as Google Analytics or advertisement-related tracking cookies, though Google ReCAPTCHA (used on only certain pages) and Cloudflare in particular may do significant tracking. Refer to their respective privacy policies.

Retention

Here are various pieces of data and how retention works for them:
ThingRetentionPossible user actions to maximize privacy
DraftsUntil deleted -
Page-by-page access logs and most other detailed loggingA few weeksUse Tor; visit sensitive pages only when not logged in
Topic impressions log (logs time of impression and IP address or user ID, but not both at once, and the actual page visited is not logged here)2-3 months
PMsUntil the sender and all recipients delete the PM, plus about 6 monthsAlways encrypt sensitive PMs. Regularly delete old incoming and outgoing PMs so that they don't linger in our database longer than necessary. Note also that PMs are often emailed in cleartext to the recipients by bitcointalk.org.
Log of read topicsUntil deleted + about 6 monthsRegularly use the link which marks individual sections or the entire forum as read. This deletes all past individual-topic logs on the marked-read boards. Or view sensitive topics only while logged off.
User IP logsSee the separate section on this belowUse Tor; opt into limited retention
Lists of detected possible altsAbout 30 months -
Error and ban logsAbout 18-30 months -
Deleted posts, as well as their edit historiesWe keep them for at least several years, though any public posts will probably be scraped by others as wellDon't publicly post things that you might not want to exist forever
Various other data such as profile fields, watchlist, trust ratings, etc.Kept on the live server until changed/deleted. Likely to be caught in database backups and then saved for a couple of years.Don't express sensitive info in settings
Payment info such as Bitcoin addressesIndefiniteUse private payment technology
Security, recovery, and moderation logsIndefinite -
Poll votesIndefinite -
Some IP info related to banned usersIndefiniteUse Tor; don't get banned
ReportsIndefinite -
Email addresses, including all past email addressesIndefiniteUse a new email account, an email forwarding service, or similar. Do not use a "disposable" email account, as email resets to publicly-accessible disposable emails is a common cause of accounts getting stolen. It is also currently possible to use a fake email like asdf@invalid.bitcointalk.org, and we may allow signing up without an email address in the future. However, if your account has never had a valid email address, then it will be extremely difficult to recover the account if it is ever stolen.
Communication with staffPossibly indefinite -
IP-address retention
IP address retention works in this way:
ThingNormal retentionLimited retentionRetention for guests
Full IP6 months3 monthsA few weeks
Partial IP2 yearsN/AN/A
City geolocation6 years3 monthsN/A

You can opt into limited retention in your account settings. This will apply only to logs created after you change the setting, and doing so will make it much more difficult for you to recover your account if it is ever lost.

Between 6 and 24 months, the IP linearly loses least-significant bits over time. For example, the IP 123.234.210.221 would lose 8 bits and become the prefix 123.234.210.0/24 approximately 10.5 months after it was logged. For IPv6, the least-significant 66 bits are dropped after 6 months, and then the remaining bits are dropped linearly over the 1.5-year period.

The city geolocation locates you to a nearby city according to your IP address. (If you're logged in, you can see what this looks like by visiting this page.)

Account deletion
We have not started doing this yet, but at some point we plan to start regularly deleting accounts which have been abandoned for many years, if they meet certain criteria. One of the requirements for account deletion will almost certainly be that the account mustn't have any PMs in its inbox or outbox (not counting PMs received after the user last logged in). You should also consider that if your account is deleted, your posts will probably still have your username associated with those posts. Therefore, if you want to delete your account, you should: 1) Purge all of your PMs. 2) Consider deleting some/all of your posts. You are able to delete your own replies, and while you can't delete topics you started, you can edit them to be blank. And 3) Don't log in for a long time, probably 6+ years.

Variation

Variation from the above normal procedure may occur, for example, due to these causes:
  • Bitcointalk.org is in US jurisdiction, and is subject to US subpoenas, wiretap orders, preservation orders (which would negate the above retention rules), and similar. Furthermore, our service providers could also be subject to similar orders without our knowledge. Note that we consider PMs to require a warrant in order to be released.
  • At our sole discretion, we may voluntarily assist law enforcement worldwide. Generally we do this only when we perceive that the target user has probably committed a serious and non-victimless crime.
  • At our sole discretion, we may (noncommercially) share or extend retention on any of a specific user's userdata even without law-enforcement involvement. This is extremely rare, and done only when not doing so seems blatantly incorrect.
  • While we don't intentionally set up systems to do so, data may end up laying around for longer than the above-specified retention limits accidentally. For example, a sysadmin might copy the access logs in order to analyze an ongoing DDoS attack and then forget to delete them for a while.
  • Computer security can never be guaranteed.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!