I understand that disputes require conversations to be able to be read; however, it is a serious risk that localmonero could be compromised and leak seriously identifying information. If messages were encrypted unless one of the participants opts in to decrypting the messages for a dispute then this situation would be massively improved. Even if users can’t verify for themselves that this is happening then it would be nice - I could be wrong, but I imagine it could be relatively simple to require the user’s passphrase upon a dispute and store a ciphertext form of messages in the database.
Welcome to the community!
If our database (heaven forbid) gets leaked, it won’t be a problem in terms of message content, since we store all messages encrypted in the database.
Do you retain those message logs forever?
Nope, we erase them after 180 days.
You can have both end-to-end encryption and a way to take messages into account during a dispute.
To send a message during a transaction:
- create a file containing the message text
- calculate its fingerprint, let’s say SHA384
- encrypt the message with armor
- in the empty message zone paste the fingerprint, then the encrypted message
During a dispute you will be able to submit the cleartext version of any message and the moderator/referee/judge will be able to verify it (the fingerprint must match).
Bonus: even if your correspondent doesn’t do so you can do it for him, by publishing the fingerprint of his cleartext message in your own answer.
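The fingerprint step and the dispute-time check from the post above, as an added example that is not part of the original thread. The `nonce` parameter and `confirm_guess` go beyond the post and are assumptions of this example: they show that a bare hash of a short message can be confirmed by guessing, and that a random value kept with the cleartext prevents it. The armored block is a constructed placeholder, not real PGP output.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

def fingerprint(cleartext: bytes, nonce: bytes = b"") -> str:
    """Hex SHA-384 of nonce || cleartext; an empty nonce is the plain scheme."""
    return hashlib.sha384(nonce + cleartext).hexdigest()

def build_post(cleartext: bytes, armored: str, nonce: bytes = b"") -> str:
    """Message body: fingerprint on the first line, then the armored ciphertext."""
    return fingerprint(cleartext, nonce) + "\n" + armored

def verify_disclosure(post: str, disclosed: bytes, nonce: bytes = b"") -> bool:
    """Moderator check: the disclosed bytes must hash to the posted fingerprint."""
    posted = post.split("\n", 1)[0].strip().lower().encode()
    expected = fingerprint(disclosed, nonce).encode()
    return len(posted) == 96 and hmac.compare_digest(posted, expected)

def confirm_guess(post: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Anyone holding the post can test guesses against a nonce-free fingerprint."""
    return next((c for c in candidates if verify_disclosure(post, c)), None)

# Constructed sample data (assumptions of this example).
ARMORED = "-----BEGIN PGP MESSAGE-----\n(constructed placeholder)\n-----END PGP MESSAGE-----"
MESSAGE = b"Payment sent, ref 4471\n"
GUESSES = [b"Payment sent\n", b"Payment sent, ref 4471\n"]

if __name__ == "__main__":
    post = build_post(MESSAGE, ARMORED)
    print(verify_disclosure(post, MESSAGE))           # exact file bytes
    print(verify_disclosure(post, MESSAGE.rstrip()))  # trailing newline lost
    print(confirm_guess(post, GUESSES))               # bare hash confirms a guess
    nonce = secrets.token_bytes(16)                   # kept with the cleartext
    salted = build_post(MESSAGE, ARMORED, nonce)
    print(confirm_guess(salted, GUESSES))             # guessing without the nonce
    print(verify_disclosure(salted, MESSAGE, nonce))  # disclosure with the nonce
```

The fingerprint covers the exact bytes of the file, so the cleartext submitted in a dispute has to be byte-identical, trailing newline included.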
This seems like a lot of extra steps, one can simply use PGP encryption as I’ve mentioned previously.
My proposition ensures that the messages are totally private between the 2 parties of a transaction, that is to say even administrators cannot read them, while offering a way to disclose them to anybody if a dispute arises. I don’t know of any other way to do so.
PGP does that. If you need to prove a message’s content to the staff, you just provide staff with the session key for that message.
You are right, and it is the best way.
How to do it: https://security.stackexchange.com/questions/115231/how-to-decrypt-a-message-using-only-session-key
There is no reason to not encrypt communications.