|
Freakdaddy
Trusted



Registered: 07/11/08
Posts: 1,086
Last seen: 5 years, 8 months
|
Encryption now funderbunked at Shroomery (for me)
#13127600 - 08/31/10 04:48 AM (13 years, 8 months ago) |
|
|
Happened about two months ago. Suddenly unable to encrypt (or read encrypted) anything.
I sent PM to Ythan, and got a reply back...which seemed kinda automated (impersonal), saying (in effect): "We can restore your encryption capabilities, but first you'll need to feed us your password and original Shroomery encryption account code, which is stored on your computer."
Like I'd ever do that. 
So. Ythan, if you're reading this: Please send PM to me personally and let me know how to get my encryption going again here.
Danke,
Freakdaddy
|
Ythan
ᕕ( ᐛ )ᕗ


Registered: 08/08/97
Posts: 18,840
Loc: NY/MA/VT Borderlands
Last seen: 1 hour, 53 minutes
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Freakdaddy]
#13130494 - 08/31/10 07:27 PM (13 years, 8 months ago) |
|
|
Right, I responded to your support ticket on 7th July, 2010 Wednesday 13:38:55 GMT -0700. You didn't write back and a week later the ticket was automatically closed due to inactivity. So, you wait two months, then complain about my "impersonal" response in a random forum and tell me to PM you? Geez, cut me some slack. I gave you the best answer I could, asking again won't change anything. If you still need help you can start by responding to the troubleshooting advice which I'll provide again below. Or just go to https://www.shroomery.org/pubssl/index.php?action=forgot and recreate your keypair, but you won't be able to decrypt any of your old secure PMs.
Incidentally, if you wouldn't trust an admin with your private key, you probably shouldn't be using our secure PM system to begin with. Any setup where the encryption occurs server-side, you're already trusting us to run a secure implementation and not pull anything shady. Encrypted PMs are meant to provide a degree of protection in certain scenarios, eg. if a hacker gets a dump of our database, or your account is compromised by a third party. But if you want to be sure that admins can't read your messages, you should run GPG on your own system, manage your own keys, and handle all encryption locally. Just for the record we don't have the ability to read secure PMs, but we could easily add a backdoor if we wanted. Make sure you understand the implications of using server-side vs. client-side encryption.
Quote:
I'm sorry for your trouble decrypting secure PMs. There are a few things we can try in order to get this resolved.
First I want to make sure that you're clear about the distinction between your passphrase and your private key, since this is by far the most common cause of problems with secure PMs. To decrypt a message you must enter the short passphrase you chose when you first enabled secure PMs. Then you may sometimes be prompted to upload "Yourname_Private_Key_(Shroomery).txt". But you shouldn't copy and paste the content of that file into the passphrase box, or anything like that. They are two separate things.
If you understand all that and just want to experiment and try to get it working, you can log in as 'visitor' / 'testaccount' using a different browser and send secure PMs back and forth with yourself.
If you have existing secure PMs in your inbox which you want to read, I can try to get it working but I will need you to tell me your passphrase and attach your private key.
Or if you're not worried about preserving existing secure PMs, I can recreate your keypair, ensure that it's working on my end, then send the key and passphrase to you for testing.
Please let me know how you want to proceed, and I'm sorry for the inconvenience.
|
johnm214



Registered: 05/31/07
Posts: 17,582
Loc: Americas
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Ythan]
#13131582 - 08/31/10 10:34 PM (13 years, 8 months ago) |
|
|
Quote:
Ythan said: Incidentally, if you wouldn't trust an admin with your private key, you probably shouldn't be using our secure PM system to begin with. Any setup where the encryption occurs server-side, you're already trusting us to run a secure implementation and not pull anything shady.
Yep
If you are that concerned about it, encrypt the thing yourself and send it to whomever you want through the messaging system- the admins and the alien overlords will only seen the ciphertext.
Of course in this situation you'll need to work out your system and your keys between yourself and the recipient, which is why the shroomery system is nice.
The shroomery was nice enough to implement a nifty system to manage things for you, and your bitching that an admin from a free service didn't kiss your ass when you asked for help? The shroomery doesn't owe you shit, go work out an ecryption system on your own if you have a problem with the one implemented here.
|
Freakdaddy
Trusted



Registered: 07/11/08
Posts: 1,086
Last seen: 5 years, 8 months
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Ythan]
#13132330 - 09/01/10 05:44 AM (13 years, 8 months ago) |
|
|
Quote:
Ythan said: Right, I responded to your support ticket on 7th July, 2010 Wednesday 13:38:55 GMT -0700. You didn't write back and a week later the ticket was automatically closed due to inactivity. So, you wait two months, then complain about my "impersonal" response in a random forum and tell me to PM you? Geez, cut me some slack. I gave you the best answer I could, asking again won't change anything. If you still need help you can start by responding to the troubleshooting advice which I'll provide again below. Or just go to https://www.shroomery.org/pubssl/index.php?action=forgot and recreate your keypair, but you won't be able to decrypt any of your old secure PMs.
Incidentally, if you wouldn't trust an admin with your private key, you probably shouldn't be using our secure PM system to begin with. Any setup where the encryption occurs server-side, you're already trusting us to run a secure implementation and not pull anything shady. Encrypted PMs are meant to provide a degree of protection in certain scenarios, eg. if a hacker gets a dump of our database, or your account is compromised by a third party. But if you want to be sure that admins can't read your messages, you should run GPG on your own system, manage your own keys, and handle all encryption locally. Just for the record we don't have the ability to read secure PMs, but we could easily add a backdoor if we wanted. Make sure you understand the implications of using server-side vs. client-side encryption.
Quote:
I'm sorry for your trouble decrypting secure PMs. There are a few things we can try in order to get this resolved.
First I want to make sure that you're clear about the distinction between your passphrase and your private key, since this is by far the most common cause of problems with secure PMs. To decrypt a message you must enter the short passphrase you chose when you first enabled secure PMs. Then you may sometimes be prompted to upload "Yourname_Private_Key_(Shroomery).txt". But you shouldn't copy and paste the content of that file into the passphrase box, or anything like that. They are two separate things.
If you understand all that and just want to experiment and try to get it working, you can log in as 'visitor' / 'testaccount' using a different browser and send secure PMs back and forth with yourself.
If you have existing secure PMs in your inbox which you want to read, I can try to get it working but I will need you to tell me your passphrase and attach your private key.
Or if you're not worried about preserving existing secure PMs, I can recreate your keypair, ensure that it's working on my end, then send the key and passphrase to you for testing.
Please let me know how you want to proceed, and I'm sorry for the inconvenience.
Ythan:
a) The tone of your initial response was so lukewarm/indifferent that I thought it was of the auto-responder variety. Thus, I did not bother to reply.
b) The asking for my password lit off in me the requisite WTF? (E.g., Can we swap? Yah?)
c) No clue was given by you as to WHY my encryption was suddenly funderbunked at Shroomery...even as I was a Sponsor. (Do, please, let me know if this has occurred previously with other users; if so, what was the deal with said glitch...and, if not, why might it have occurred in my account?)
Looking forward to another reply, above-board.
Best,
Freakdaddy
|
Freakdaddy
Trusted



Registered: 07/11/08
Posts: 1,086
Last seen: 5 years, 8 months
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: johnm214]
#13132346 - 09/01/10 05:52 AM (13 years, 8 months ago) |
|
|
Quote:
johnm214 said: The shroomery was nice enough to implement a nifty system to manage things for you, and your bitching that an admin from a free service didn't kiss your ass when you asked for help?
I held a Sponsor account during the time the encryption went foul. Blow it out yer ass. And who's asking you?
Quote:
The shroomery doesn't owe you shit, go work out an encryption system on your own if you have a problem with the one implemented here.
The Shroomery needs to answer--above-board--why a user's encryption facilities might suddenly cease functioning. And if this kinda thang has occurred previously in other accounts, what the nature of this glitch might be; and, if such has not ever been seen previously, a trouble-shooting into the nature of why it happened with mine.
|
Ythan
ᕕ( ᐛ )ᕗ


Registered: 08/08/97
Posts: 18,840
Loc: NY/MA/VT Borderlands
Last seen: 1 hour, 53 minutes
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Freakdaddy]
#13132949 - 09/01/10 10:06 AM (13 years, 8 months ago) |
|
|
Sorry but you kind of sound like a dick so I don't think I'll be wasting any more time on your problem. I was trying to troubleshoot two months ago when you first asked for help, but apparently my message sounded "too automatic" for you to bother responding so fuck it. For what it's worth, it's probably some sort of ID: 10-T error.
|
Freakdaddy
Trusted



Registered: 07/11/08
Posts: 1,086
Last seen: 5 years, 8 months
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Ythan]
#13133100 - 09/01/10 10:58 AM (13 years, 8 months ago) |
|
|
Quote:
Ythan said: Sorry but you kind of sound like a dick so I don't think I'll be wasting any more time on your problem. I was trying to troubleshoot two months ago when you first asked for help, but apparently my message sounded "too automatic" for you to bother responding so fuck it. For what it's worth, it's probably some sort of ID: 10-T error.
Eh-eh. Not cool at all. 
A Shroomery Sponsor gets his encryption hosed; is met with a request to "furnish your password and maybe we might be able to fix it somehow"-style, boilerplate response. Management doesn't and hasn't endeavored to figure out the problem. And Management doesn't like to be reminded of it? 
wOw.
|
Epilson Lyrae
Armed with hammers



Registered: 04/07/09
Posts: 5,561
Loc: Woody Creek
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Freakdaddy]
#13142174 - 09/03/10 09:43 AM (13 years, 8 months ago) |
|
|
This thread is too impersonal.
No one here has even offered me any fruit.
God I love the drama.
-------------------- "Freedom is something that dies unless it's used." H.T. I've come to believe that the heart is the filter of the enlightened mind. Epilson Lyrae
|
Anonymous #1
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Ythan]
#13149740 - 09/05/10 08:27 AM (13 years, 8 months ago) |
|
|
Quote:
Ythan said: Sorry but you kind of sound like a dick so I don't think I'll be wasting any more time on your problem. I was trying to troubleshoot two months ago when you first asked for help, but apparently my message sounded "too automatic" for you to bother responding so fuck it. For what it's worth, it's probably some sort of ID: 10-T error.
It did sound very automatic to be fair.
He may not be very nice about it but the man does make a fair point - his service wasn't working and he wanted to fix it without compromising his own password. Also, since he though that your response was automated, it is reasonable that he wouldn't reply with a follow up. How often do you reply to automated messages?
Anyway that's just my two bob.
|
Ythan
ᕕ( ᐛ )ᕗ


Registered: 08/08/97
Posts: 18,840
Loc: NY/MA/VT Borderlands
Last seen: 1 hour, 53 minutes
|
Re: Encryption now funderbunked at Shroomery (for me) [Re: Anonymous #1] 1
#13150750 - 09/05/10 01:09 PM (13 years, 8 months ago) |
|
|
Every time he decrypts a PM he is "compromising his own password". He won't give it to me, but he'll gladly send it to a server where I have admin access? His concern is based on a fundamental misunderstanding of our encryption security, but I didn't have a chance to explain because he didn't tell me that's what he was worried about.
The reason the initial secure PM troubleshooting instructions look generic is because they are. First of all, secure PMs were specifically designed to be impenetrable to admins, so unlike with most technical problems, typical troubleshooting procedures are not possible. I can't just take a vague description of the problem and track it down myself, at least not without the user divulging his private key. That is why I provide some initial suggestions for the user to troubleshoot on their own, and also provide the option for them to hand to task off to me if they are comfortable doing so.
But here is why I think the OP is unreasonable. Say you're in his shoes and you just received the response I quoted above. What would be a normal, sane way to handle the situation? A good start would be to reply to the support ticket. I'm happy to work with people, explain technical details, address their individual concerns, whatever it takes. So how about taking 30 seconds and typing out:
Quote:
Hi, thanks for your response. It looked kind of generic though, am I talking to a real person here? I have a few specific questions for you and I just want to make sure I'm not wasting my time.
or
Quote:
Hi, I followed your suggestions but I still couldn't get it working on my end. I'm not really comfortable sharing my private key, is there anything else we can try?
What would be a weird, passive-aggressive, crazy way to handle the situation? Don't respond, wait two months, pick a random forum, and make a post bitching about how your problem wasn't solved and our support sucks.
Also relevant, in the past I have spent hours working through secure PM problems with a number of different users, and except for a single case right after the feature's introduction, every problem has been due to a mistake or misconception by the user. I've done my best to provide a simple and easy implementation of public-key encryption, but the system is inherently a bit complex and unintuitive if you have no understanding of how it works. People think their passphrase is their private key, their BB password is their passphrase, they can use an old private key file after recreating their keypair, etc. So when I explain a few of the most common mistakes and then don't hear back, I assume they got it working.
Anyway in the time I've spent defending my opinion I could have just given him his stupid personalized response, so here you go.
Quote:
Hello Freakdaddy,
How nice to hear from you! I see recently had your two-year anniversary on the site. Congratulations and thank you for your continued membership! I'm also pleased to see you have recently colonized six BRF and one rye-berry mycobag and are planning on fruiting them outdoors. It gives me great pleasure to observe your growth and progression as a mycologist.
Freakdaddy, I am so very sorry to hear about your problem with secure private messages. I see you have 53 secure PMs and it must be incredibly frustrating to not be able to read any of them. Please indulge me as I walk you through some common troubleshooting steps. I noticed that only 2.35% of your posts are in the Science and Technology forum, so you may not be familiar with some aspects of how our encryption system works. If you have any questions, please ask!
First I want to make sure that you're clear about the distinction between your passphrase and your private key, since this is by far the most common cause of problems with secure PMs. To decrypt a message you must enter the short passphrase you chose when you first enabled secure PMs. Then you may sometimes be prompted to upload "Freakdaddy_Private_Key_(Shroomery).txt". But you shouldn't copy and paste the content of that file into the passphrase box, or anything like that. They are two separate things.
If you understand all that and just want to experiment and try to get it working, you can log in as 'visitor' / 'testaccount' using a different browser and send secure PMs back and forth with your Freakdaddy account.
If you have existing secure PMs in your inbox which you want to read, I can try to get it working but I will need you to tell me your passphrase and attach your private key.
Or if you're not worried about preserving existing secure PMs, I can recreate your keypair, ensure that it's working on my end, then send the key and passphrase to you for testing.
Please let me know how you wish to proceed by responding to this ticket at your earliest convenience. Note that if you do not respond within a week this ticket will automatically be closed, but you can re-open it at any time. I'm very sorry for the hassle Freakdaddy. I do hope to hear from you soon.
Best regards,
-Y
|
|