It's possible to use bitcointalk.org without submitting any personal info. Use Tor + a throwaway email + a new pseudonym, etc. If you care about preventing personal information from being collected on bitcointalk.org, then preventing this collection is your responsibility.
Normal practices
This section describes our normal practices. A later section will describe exceptional variations.
Sharing
We never sell non-public user information to anyone.
In order to operate the site, the following data sharing occurs:
First, our moderators, administrators, system administrators, software developers, and others who perform services for us each have access to a different subset of user account data in order to perform their work. As a general principle, access is provided on a "need-to-know" basis.
Second, our tech-related service providers necessarily have access to user data, and could collect/store data beyond what bitcointalk.org itself does. Example service providers may or may not include, and are not limited to: Amazon Web Services, Google Cloud, Google ReCAPTCHA, hCaptcha, Cloudflare, and DigitalOcean. We do not use any third-party tracking technology such as Google Analytics or advertisement-related tracking cookies, though Google ReCAPTCHA (used on only certain pages) and Cloudflare in particular may do significant tracking. Refer to their respective privacy policies.
Retention
Here are various pieces of data and how retention works for them:
| Thing | Retention | Possible user actions to maximize privacy |
|---|
| Drafts | Until deleted | - |
| Page-by-page access logs and most other detailed logging | A few weeks | Use Tor; visit sensitive pages only when not logged in |
| Topic impressions log (logs time of impression and IP address or user ID, but not both at once, and the actual page visited is not logged here) | 2-3 months | |
| PMs | Until the sender and all recipients delete the PM, plus about 6 months | Always encrypt sensitive PMs. Regularly delete old incoming and outgoing PMs so that they don't linger in our database longer than necessary. Note also that PMs are often emailed in cleartext to the recipients by bitcointalk.org. |
| Log of read topics | Until deleted + about 6 months | Regularly use the link which marks individual sections or the entire forum as read. This deletes all past individual-topic logs on the marked-read boards. Or view sensitive topics only while logged off. |
| User IP logs | See the separate section on this below | Use Tor; opt into limited retention |
| Lists of detected possible alts | About 30 months | - |
| Error and ban logs | About 18-30 months | - |
| Deleted posts, as well as their edit histories | We keep them for at least several years, though any public posts will probably be scraped by others as well | Don't publicly post things that you might not want to exist forever |
| Various other data such as profile fields, watchlist, trust ratings, etc. | Kept on the live server until changed/deleted. Likely to be caught in database backups and then saved for a couple of years. | Don't express sensitive info in settings |
| Payment info such as Bitcoin addresses | Indefinite | Use private payment technology |
| Security, recovery, and moderation logs | Indefinite | - |
| Poll votes | Indefinite | - |
| Some IP info related to banned users | Indefinite | Use Tor; don't get banned |
| Reports | Indefinite | - |
| Email addresses, including all past email addresses | Indefinite | Use a new email account, an email forwarding service, or similar. Do not use a "disposable" email account, as email resets to publicly-accessible disposable emails is a common cause of accounts getting stolen. It is also currently possible to use a fake email like asdf@invalid.bitcointalk.org, and we may allow signing up without an email address in the future. However, if your account has never had a valid email address, then it will be extremely difficult to recover the account if it is ever stolen. |
| Communication with staff | Possibly indefinite | - |
IP-address retention
IP address retention works in this way:
| Thing | Normal retention | Limited retention | Retention for guests |
|---|
| Full IP | 6 months | 3 months | A few weeks |
| Partial IP | 2 years | N/A | N/A |
| City geolocation | 6 years | 3 months | N/A |
You can opt into limited retention in your account settings. This will apply only to logs created after you change the setting, and doing so will make it much more difficult for you to recover your account if it is ever lost.
Between 6 and 24 months, the IP linearly loses least-significant bits over time. For example, the IP 123.234.210.221 would lose 8 bits and become the prefix 123.234.210.0/24 approximately 10.5 months after it was logged. For IPv6, the least-significant 66 bits are dropped after 6 months, and then the remaining bits are dropped linearly over the 1.5-year period.
The city geolocation locates you to a nearby city according to your IP address. (If you're logged in, you can see what this looks like by visiting this page.)
Account deletion
We have not started doing this yet, but at some point we plan to start regularly deleting accounts which have been abandoned for many years, if they meet certain criteria. One of the requirements for account deletion will almost certainly be that the account mustn't have any PMs in its inbox or outbox (not counting PMs received after the user last logged in). You should also consider that if your account is deleted, your posts will probably still have your username associated with those posts. Therefore, if you want to delete your account, you should: 1) Purge all of your PMs. 2) Consider deleting some/all of your posts. You are able to delete your own replies, and while you can't delete topics you started, you can edit them to be blank. And 3) Don't log in for a long time, probably 6+ years.
Variation
Variation from the above normal procedure may occur, for example, due to these causes:
- Bitcointalk.org is in US jurisdiction, and is subject to US subpoenas, wiretap orders, preservation orders (which would negate the above retention rules), and similar. Furthermore, our service providers could also be subject to similar orders without our knowledge. Note that we consider PMs to require a warrant in order to be released.
- At our sole discretion, we may voluntarily assist law enforcement worldwide. Generally we do this only when we perceive that the target user has probably committed a serious and non-victimless crime.
- At our sole discretion, we may (noncommercially) share or extend retention on any of a specific user's userdata even without law-enforcement involvement. This is extremely rare, and done only when not doing so seems blatantly incorrect.
- While we don't intentionally set up systems to do so, data may end up laying around for longer than the above-specified retention limits accidentally. For example, a sysadmin might copy the access logs in order to analyze an ongoing DDoS attack and then forget to delete them for a while.
- Computer security can never be guaranteed.
