Which admins have the ability to read DMs

An IT guru and also the designer of a bunch of our logos, note their join time

Appreciate the answers

nope, @sidco has the god powers!

I was hoping you’d save me from rowan’s attempt to take my job

what did I miss? Where did that transpire?

Pretty sure level 4’s cannot read DMs. I have no idea how to even attempt that.

I don’t even wanna know what y’all degenerates are messaging each other, so don’t worry.

Just playin, I love u all—and your private messages are yours as far as I’m concerned.

What the hell!

Really!

Anything you have not encrypted on your machine assume anyone else can read.

@Future without end to end encryption that plugin is utterly a joke. Trusting the server for key storage also is absurd security wise

Everyone: Use PGP

I’m still using Morris code.

One time pad and a carrier pigeon ftw

This part

Technical details

At no point in time will any non encrypted private conversation or private credentials be sent to the server. The only trust that will be placed on the server is that nobody messed with the JavaScript payload sent to the client.

Private and public key pairs will be generated 100% on the client side and then the private key will be encrypted using AES symmetric encryption prior to handing it to the server for safekeeping, we will stretch the passphrase using randomly generated salt stored on the server. Key stretching will be done on the client using PBKDF2 (available in web crypto api). The private/public key pair will be stored on the client in IndexDB using a non exportable CryptoKey object. Exportable CryptoKey data will be removed from memory as soon as possible.

Encrypted private key and public key will be stored in a user custom fields. Only current_user will be allowed to read/write the encrypted private key, all logged on users will be allowed to read public keys for all users.

Conversation keys will be generated client side on conversation initiation or invite and encrypted using all the public keys involved in the conversation. This data will be stored in a dedicated table (user_id, topic_id, encrypted_conversation_key) , this row will be creatable by any user in the conversation but only readable by current_user == user_id .

Lead me to belive it was secure, maybe I’m mistaken

a. Storing the keys on the server isn’t good security practice, encypted or not
b. any newly created implementation of any secure messaging should be taken with several grains of salt. Lack of maturity and 3rd party auditing makes any implementation questionable at best

In short, i wouldn’t trust my freedom on it being secure.

@cxojinu designed our logo, helped pick the color scheme, and has been a pal for over 10 years. Much love.
Technically in Discourse just admins have access to another persons account, including DMs, as @Future posted above. Vultr does the hosting. I and them are the only ones with access to a system console (ssh) including database, files, logs and such. I am the only one with the gpg keys to the backups.
Treat anything you do here like it’s happening in a public place.
If both users delete the DM it gets purged from the live DB.
Use GPG, end to end free to use (open source) encryption. I understand easier said than done, but a quick online search of gpg+yourOS will get you well on your way.

I don’t understand any of this—but does it mean only you and the developer can see DMs?

If he could take your job i’d eat my hat!

Anyone on this list Future4200 and Vultr the hosting company Vultr Privacy Policy - Vultr.com could potentially view our DMs, and some other identifiable information like your current IP address.
I am the only one with access to the backup DB.

Developer isn’t the right word exactly. Discourse, the people who develop this platform cannot see our DMs.

You think Emails are private?
If you’re not whispering into someone’s ear while loud music plays in the background, chances are that it’s not in all actuality private & available to someone who’s in the right place at the right time to pick it up.

There’s a difference between then surveilling everything and them actually listening to what they record - don’t act stupid and give them a reason to type in your name to their super secret federal government search bar and you’re fine.