It could be faked, give the reason why you'd want to access the DB directly. For instance, phpmyadmin allows you to view PMs directly.cwaring wrote:This also leads onto another related question. Given that I can't do so, how can could I ever prove what one user sent to anther? Of course, the offending message would be forwarded to me, but couldn't that be faked?
That hardly seems the professional way of going about it.GirlsGoneWeed wrote:what you can do is change the users password, log into there account read, and log out.... then tell them there new pass is blahs3894 since a spamer used there account you changed it. lol
You could always use the "sysadmins excuse way"That hardly seems the professional way of going about it.
Works every time, and because its a personalized e-mail, no threads will get posted to arouse suspicion.Sorry, but because of some recent forum updates and database changes your account password has become unusable, please use the password recovery feature located here:
Sorry for the inconvenience
Have a wonderful day
And that reason would be what?ChrisEmerson wrote:…they are private for a reason.
An assumption that puts phpBB in the position of dictating site policy and procedure solely through a naming convention. That's problematic on the face of it.Marshalrusty wrote:Right and wrong are based on assumptions. By definition, private messages are private unless otherwise stated.
You read my mind. We'll need to get drathbun on since he holds a position contrary to mine.SamG wrote:Perhaps this would be a good podcast topic.
But of course you are. I don't mean that as some sort of accusation, but as a simple fact in this discussion. As I said the last time I battled this out (at area51), phpBB is dictating how a certain set of member exchanges ought to be perceived -- that is, as confidential -- by the simple naming convention of calling them "private." I've never downloaded and installed phpBB so I could offer people a confidential communication tool. That's added by phpBB all by itself.Marshalrusty wrote:I/we are certainly not dictating site policy.
I can see it's going to be difficult to keep a podcast discussion on task. I've already said that this argument is not about user privacy as such but about phpBB's inherent ability to prescribe how my site runs because it has a "private" messaging system. The fact of the matter is that phpBB can offer public and non-public communication tools without dragging me into long-winded discussions about privacy. I can freely grant my users a measure of privacy (I can't prevent the redistribution of PM content, for instance) if they elect to use a non-public communication tool phpBB offers. I have fewer to no options within the current environment that you would call ethical. Do you not see a problem with that, since it's phpBB that has decided the ethics here?Marshalrusty wrote:If you think it's okay to read what users ultimately assume to be private, then you have full access and ability to do so. If you think that your users already know or won't care, then you should have no problem with informing them of your actions. [etc.]
I know that, and you know I know that.Marshalrusty wrote:phpBB is open source software...
No, I never implied any such thing. What I said was that if I allow non-public communication between users, you've forced me into handling that communication as confidential. Why would you do that? On what grounds? Are you afraid I might not be capable of granting the measure of privacy I've described above on my own? That's something between me and my users. It's an arbitrary decision to call it a private message system and not required for phpBB to function as a bulletin board system.Marshalrusty wrote:It sounds like you're implying that we're forcing you to allow private messaging on your board just because it's included in the software.
Sure. Because it's called a private message system. And?Marshalrusty wrote:I say again, users assume that messages sent via the PM system are private.
SamG wrote:Administrators of Gmail do have the right to scan e-mail. I don't see the relevance.
Nobody "forced" you to do anything. We're not even forcing you to use the software, let alone a specific feature of the software. If you don't like that feature, then you have the ability to change it or remove it.SamG wrote:No, I never implied any such thing. What I said was that if I allow non-public communication between users, you've forced me into handling that communication as confidential. Why would you do that? On what grounds?
And you should therefore treat it as such. You use the software because you want to, and you left that feature intact because you wanted to. If you had changed the name to "private (although admins may read them) messages", then fine. Otherwise, you should respect your user's privacy rather than silently read what they assume to be private conversations.SamG wrote:Sure. Because it's called a private message system. And?Marshalrusty wrote:I say again, users assume that messages sent via the PM system are private.