This is a best-effort attempt at describing our current practices regarding privacy-relevant concerns, and is not an agreement.
It's possible to use bitcointalk.org without submitting any personal info. Use Tor + a throwaway email + a new pseudonym, etc. If you care about preventing personal information from being collected on bitcointalk.org, then preventing this collection is your responsibility.
Normal practices
This section describes our normal practices. A later section will describe exceptional variations.
Sharing
We never sell non-public user information to anyone.
In order to operate the site, the following data sharing occurs:
First, our moderators, administrators, system administrators, software developers, and others who perform services for us each have access to a different subset of user account data in order to perform their work. As a general principle, access is provided on a "need-to-know" basis.
Second, our tech-related service providers necessarily have access to user data, and could collect/store data beyond what bitcointalk.org itself does. Example service providers may or may not include, and are not limited to: Amazon Web Services, Google Cloud Platform, Google ReCAPTCHA, Cloudflare, DigitalOcean, and Vultr. We do not use any third-party tracking technology such as Google Analytics or advertisement-related tracking cookies, though Google ReCAPTCHA (used on only certain pages) and Cloudflare in particular may do significant tracking. Refer to their respective privacy policies.
Retention
Here are various pieces of data and how retention works for them:
| Thing | Retention | Possible user actions to maximize privacy |
|---|
| Drafts | Until deleted | - |
| Page-by-page access logs and most other detailed logging | A few weeks | Use Tor; visit sensitive pages only when not logged in |
| Ad impressions log (logs time of impression and IP address or user ID, but not both at once, and the actual page visited is not logged here) | 2-3 months | |
| PMs | Until the sender and all recipients delete the PM, plus about 6 months | Always encrypt sensitive PMs. Regularly delete old incoming and outgoing PMs so that they don't linger in our database longer than necessary. Note also that PMs are often emailed in cleartext to the recipients by bitcointalk.org. |
| Log of all viewed topics | Until deleted + about 6 months | Regularly use the link which marks individual sections or the entire forum as read. This deletes all past individual-topic logs on the marked-read boards. Or view sensitive topics only while logged off. |
| User IP logs | See the separate section on this below | Use Tor; opt into limited retention |
| Error and ban logs | About 18 months | - |
| Lists of detected possible alts | About 30 months | - |
| Various other settings such as profile fields, watchlist, etc. | Kept on the live server until changed/deleted. Likely to be caught in backups and then possibly saved indefinitely. | Don't express sensitive info in settings |
| Deleted posts and trust ratings, as well as their edit histories | Kept on the live server for a couple of years; then probably kept indefinitely in backups | Don't publicly post things that you might not want to exist forever |
| Payment info such as Bitcoin addresses | Indefinite | Use private payment technology |
| Security, recovery, and moderation logs | Indefinite | - |
| Poll votes | Indefinite | - |
| Some IP info related to banned users | Indefinite | Use Tor; don't get banned |
| Reports | Indefinite | - |
| Email addresses, including all past email addresses | Indefinite | Use a new email account, an email forwarding service, or similar. Do not use a "disposable" email account, as email resets to publicly-accessible disposable emails is a common cause of accounts getting stolen. It is also currently possible to use a fake email like asdf@invalid.bitcointalk.org, and we may allow signing up without an email address in the future. However, if your account has never had a valid email address, then it will be extremely difficult to recover the account if it is ever stolen. |
| Communication with staff | Possibly indefinite | - |
You cannot delete your account.
IP-address retention
IP address retention works in this way:
| Thing | Normal retention | Limited retention | Retention for guests |
|---|
| Full IP | 6 months | 3 months | A few weeks |
| Partial IP | 2 years | N/A | N/A |
| City geolocation | 6 years | 3 months | N/A |
You can opt into limited retention in your account settings. This will apply only to logs created after you change the setting, and doing so will make it much more difficult for you to recover your account if it is ever lost.
Between 6 and 24 months, the IP linearly loses least-significant bits over time. For example, the IP 123.234.210.221 would lose 8 bits and become the prefix 123.234.210.0/24 approximately 10.5 months after it was logged. For IPv6, the least-significant 66 bits are dropped after 6 months, and then the remaining bits are dropped linearly over the 1.5-year period.
The city geolocation locates you to the nearest large city according to your IP address.
Exception: if you click on a "ping link" as part of a manual account recovery process, the IP log created by this action has possibly-indefinite retention.
Variation
Variation from the above normal procedure may occur, for example, due to these causes:
- Bitcointalk.org is in US jurisdiction, and is subject to US subpoenas, wiretap orders, preservation orders (which would negate the above retention rules), and similar. Furthermore, our service providers could also be subject to similar orders without our knowledge. Note that we consider PMs to require a warrant in order to be released.
- At our sole discretion, we may voluntarily assist law enforcement worldwide. Generally we do this only when we perceive that the target user has probably committed a serious and non-victimless crime.
- At our sole discretion, we may (noncommercially) share or extend retention on any of a specific user's userdata even without law-enforcement involvement. This is very rare.
- While we don't intentionally set up systems to do so, data may end up laying around for longer than the above-specified retention limits accidentally. For example, a sysadmin might copy the access logs in order to analyze an ongoing DDoS attack and then forget to delete them for a while.
- Computer security can never be guaranteed.
