10 replies to this topic

[MG Brown]

Are private messages really private?

 

Is there a reasonable expectation of Private Message privacy (with the exception of messages forwarded to Admins)?

Should, as a condition of being a user of this system, you agree to keep PMs private? What should the penalty be for a violation?
 
Should there be a disclaimer in the Private Message system that messages aren't, in fact, private and can be copied and published to other platforms and or modified for other purposes?

Discuss:

[old & gray]

I try to follow the rule: "Anything you send could appear on the front page of the New York Times."

 

I try to be discreet; I will occasionally ask the recipient for discretion in repeating my comments. But in a world of content theft by outside parties and legal discovery, I find a declaration of privacy amusing at best.

[mreibman]

If you put anything on the interwebs, and I don't care WHERE you put it, you should have about ZERO expectation of privacy.

 

In the immortal words of Benjamin Franklin, "Three can keep a secret, if two of them are dead."

[edscars]

I rarely use the PM option, but if I do I think about the worst possible outcome if info leaked out, like if someone I thought I could trust ended up blabbing it to unknown people, and proceed or don't proceed from there. For the most part the public messages suffice for me though, especially in the slot car community.

[eshorer]

Back in the old days of AOL chat rooms in the '90s, it was assumed that the rooms were public and the Private Messages were private. But it was just an assumption, and dealt more with "custom" than "law."

 

I would assume the same here:  Nothing is private, if one or both of the writers chooses to share it. It may not be right, but it's not illegal. Messenger beware. 

 

(The fact that an Administrator has total access to email and messages, I'm guessing, is another issue entirely)

 

Eddie

[MG Brown]

The fact that an Administrator has total access to email and messages, I'm guessing, is another issue entirely.

 

To the best of my knowledge, the "all access" that you mention was a bug in IP.Board and no longer exists.
 

[rmjlmartin]

I try to treat the contents of a PM as if there's at least an expectation of privacy, and will generally ask permission before sharing it publicly, unless I know that it's something that's already public knowledge. But, as everyone else has said, it's the internet, and if you really don't want something to get out, it's best to just not post it, even where you think it should be private.

[Shruska55]

My $0.02.

 

If a board or posting service advertises the feature as private, then there should be a modicum of privacy expectation. If the service cannot guarantee that modicum, it should post that all messages are essentially subject to possible public scrutiny.

 

That said, I've ceased to have any expectation of privacy for anything online, or given the intrusive nature of all social media platforms - offline, and moderate my words accordingly. If I post something, it is with the expectation that a service's admins will read it.

 

Scott

[Cheater]

To the best of my knowledge, the "all access" that you mention was a bug in IP.Board and no longer exists.

The orginal claim "that an administrator has total access to email and messages" is not factual. That has never been the case with IP.Board at Slotblog, which has been our software platform since July, 2007. 

 

The administrator level power only operates on posts made to Slotblog. Administrators have no involvement in anything else regarding members at any level, their accounts, permissions, PMs, etc. These are root admin functions only and I am the only root admin here at Slotblog.

After we started using the IP.Board platform, a subsequent update added the option for me as root Aamin to log-in as any member (via a button, not using the member's log-in name and password, the latter not being visible even to the root admin) to facilitate troubleshooting and problem resolution with a member's access and account. This has proved to be useful, as it allows me to duplicate remotely exactly what the member is seeing and experiencing.

 

While logged-in as a member, I certainly could, if I wanted to, go into his PM area and read anything I want. But I simply, as a matter of personal integrity, have never intentionally done so, not a single time. It has happened by mistake less than half a dozen times in over a decade, usually when I was later automatically logged-in as the member I had recently tried to help. In every instance, I backed out immediately once I realized what had happened.

 

Keep in mind that if you or your PM correspondent adds another person to an existing PM conversation, all of the content in that PM conversation will be visible to the new participant.

 

There has never been a single confirmed report made to me that a Slotbog member's PMs have been read by an unauthorized person who did not have access to that member's log-in info. If anyone has incontrovertible evidence to the contrary, I would love to see it.

I believe MG's issue concerns a person he was PM'ing who copied parts of their conversation and posted them elsewhere, revealing info he was not pleased to have been made public. There is simply no way for Slotblog to prevent this sort of thing from happening. Even if the platform did not allow for copy and paste of PM content, screenshots would easily get around such a restriction.

As for Slotlog penalizing members who make public Slotblog PM content elsewhere, it is not possible for this forum to enforce or regulate the integrity of its members nor to sit in adjudication when such such regrettable situations occur.

Members should be assured that PMs are Slotblog are about as private as such messages are anywhere, and are certainly much more secure than emails or messages that travel across the internet. Assuming, that is, that the integrity of the root admin is acknowledged and that's your call.

[MG Brown]

Greg,

 

The "bug" that I mentioned was not specific to Slotblog, and I would have no way to confirm or deny that it ever existed. I was told the "bug" story by a person who runs a system for a computer club in the greater Chicago area. I have no reason to believe that he would make this up, so perhaps it was something that occurred in their environment and was specific to their board/setup.

You say it has never been a problem here, and I feel that you are a person of integrity whose word can be trusted.

The point of opening this discussion is to warn and inform people that it is possible for a person's personal information to be exposed without their knowledge or consent by people with whom they communicate. This isn't exclusive to Slotblog, IP.Board, or, for that matter, any particular online messaging system.

Learn from my mistake, as it were.

[stoo23]

From my own experience running three different forums using other software, (SMF and phpBB), as both admin and root admin, I can confirm what Greg has stated.

 

Whilst I (as admin') can see user's IP addresses and email addresses, other users cannot!! And only by 'logging-in' as the user or (as Greg has detailed), could any admin interact with the user's data... like PMs, etc.

 

The information isn't freely available in a 'readable' fashion in either the file ystem or the DB and whilst the info is in the SQL tables, it is (in effect), encrypted, so even with serious SQL knowledge, it does not mean you could find and read any user's PMs.

 

I would go as far as suggesting the reported 'bug' may be based on some other issue, as that 'bug' would actually have to be quite some 'clever' piece of software and somehow gain root admin level access to even begin to do what would be required to retrieve that data.

 

If the server and it's associated software versions are current and well set up along with recent versions of the fgorum software... it's invariably pretty bulletproof. 

 

Plus, as suggested by Greg, one has to also give serious consideration to the integrity of the acting administrator.