Board: Meta
Topic (OP): [psa] access to forum database may be given to a third party
by btcmad1337 on 18/02/2014, 17:15:36 UTC
I haven't been given access to the database yet but will need it very soon.

Wangbus is working on the new forum software. It's not clear whether he needs the database schema or content or just specific tables, but this post gave me quite a scare considering there are many users here who need high levels of privacy.

For example, one user here who is a government whistleblower claims that letters they sent to EU officials were intercepted by corrupt customs officials. This person uses Bitcoin for all of their finances due to their bank accounts being frozen and does most of their Bitcoin transactions via members of this forum. It's not far-fetched to assume that the government involved would like to learn more about this person's finances. It is also likely that there are other users here in similar situations who may not want powerful entities reading their PMs on this forum, and I'm sure the majority of users have at least one message they would like kept private.

I have no reason to believe that this software development company would spy on private messages, but the problem is we can't know for sure, and on top of this we have no idea how the database will be handled. If they do require the database content and if the database is not properly encrypted before transfer to Slickage Studios or not properly destroyed after, it is quite possible it could be obtained by a malicious entity.

It is also possible that spyware on an employee's machine may also be able to obtain the database - governments are known to use BIOS-based spyware which is almost impossible to detect and requires specialized hardware to remove.

This is an unnecessary risk, so if you have private PMs - you should be encrypting them - but if you haven't been then I'd recommend deleting them from your inbox and sent folder and also PMing the recipients and having them remove them from their inbox and sent folder also. This will remove them from the live database so you won't be exposed to any unnecessary risk should they be given to the software development company. We should always assume the worst case scenario and hope for the best...