Reading other users PMs (as Admin)

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
Post Reply
User avatar
cwaring
Registered User
Posts: 69
Joined: Mon May 26, 2003 7:46 pm

Reading other users PMs (as Admin)

Post by cwaring » Mon Oct 01, 2007 10:40 am

Simple question, and not that I would, but is it possible that, as the board admin., I can read any PM sent by any other forum member.

As I said, I would never do this, but it just came up in a Usenet conversation. I did try but couldn't find a way to do so.

This also leads onto another related question. Given that I can't do so, how can could I ever prove what one user sent to anther? Of course, the offending message would be forwarded to me, but couldn't that be faked?

I'm only thinking out loud here so please feel free to tell me to shut up if I'm talking nonsense ;)

Thanks.

User avatar
calebrw
Registered User
Posts: 679
Joined: Mon May 10, 2004 1:44 am
Location: Minneapolis, Minnesota
Contact:

Re: Reading other users PMs (as Admin)

Post by calebrw » Mon Oct 01, 2007 10:44 am

There was a topic similar to this a week and a half ago or so (give or take). There is no function like that built in. You could read the DB directly if you have proper access. Barring that, you could write a script that does so.

With the new module system, it would be fairly easy to add such a feature directly into the ACP, pending your knowledge of PHP/SQL/phpBB coding and your ability to write the required script.
cwaring wrote:This also leads onto another related question. Given that I can't do so, how can could I ever prove what one user sent to anther? Of course, the offending message would be forwarded to me, but couldn't that be faked?
It could be faked, give the reason why you'd want to access the DB directly. For instance, phpmyadmin allows you to view PMs directly.
Caleb Williams
My Photography:
http://blog.calebwilliamsphotography.com

GGDub
Registered User
Posts: 199
Joined: Sat Sep 23, 2006 12:50 am
Location: San Francisco, CA
Contact:

Re: Reading other users PMs (as Admin)

Post by GGDub » Tue Oct 02, 2007 3:36 am

DELETED: I chose to delete this because people now think that my company does this. I never have and never had a reason to.
Last edited by GGDub on Wed Jun 23, 2010 12:44 am, edited 2 times in total.

User avatar
calebrw
Registered User
Posts: 679
Joined: Mon May 10, 2004 1:44 am
Location: Minneapolis, Minnesota
Contact:

Re: Reading other users PMs (as Admin)

Post by calebrw » Tue Oct 02, 2007 4:27 am

GirlsGoneWeed wrote:what you can do is change the users password, log into there account read, and log out.... then tell them there new pass is blahs3894 since a spamer used there account you changed it. lol
That hardly seems the professional way of going about it.
Caleb Williams
My Photography:
http://blog.calebwilliamsphotography.com

TEB
Registered User
Posts: 108
Joined: Tue Sep 11, 2007 2:15 am

Re: Reading other users PMs (as Admin)

Post by TEB » Tue Oct 02, 2007 6:23 am

That hardly seems the professional way of going about it.
You could always use the "sysadmins excuse way"
Sorry, but because of some recent forum updates and database changes your account password has become unusable, please use the password recovery feature located here:
http://example/forum/ucp.php?mode=sendpassword

Sorry for the inconvenience
Have a wonderful day
Staff
Works every time, and because its a personalized e-mail, no threads will get posted to arouse suspicion.

ChrisEmerson
Registered User
Posts: 6
Joined: Fri Sep 28, 2007 10:11 am
Location: Nottingham, UK
Contact:

Re: Reading other users PMs (as Admin)

Post by ChrisEmerson » Tue Oct 02, 2007 8:09 am

I think reading people's private messages is unprofessional in the first place. You shouldn't be able to read them, they are private for a reason.

User avatar
r4wMUnt34q
Registered User
Posts: 167
Joined: Sat Aug 19, 2006 5:41 am
Location: Hard to explain :)
Contact:

Re: Reading other users PMs (as Admin)

Post by r4wMUnt34q » Tue Oct 02, 2007 9:39 am

Yes, I agree with ChrisEmerson. There is a MOD for reading PMs via ACP for Olympus already and I criticised it in its release thread, cant recall on what site, because of the privacy reason, because some people really like their privacy...

Eventually, if you have to solve a problem conected with a PM, you can backup your board and restore it on your local pc (and install the MOD there maybe), change the current users password and look into his/her PMs, and other users if needed as well, but I think that reading PMs via ACP on a live board is quite paranoic or very unprofessional, as said above.

SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG » Tue Oct 02, 2007 5:31 pm

ChrisEmerson wrote:…they are private for a reason.
And that reason would be what?

The feature's name is arbitrary. It wasn't implemented as something required by law. The phpBB Group have no authority over my use of their software or the server it's hosted on (and I'm not suggesting that they're trying to have any authority), so their choice of naming conventions for the feature means nothing.

I've never read users' PMs. I doubt I'll ever have to. But I disagree completely with the notion that if I run a phpBB board I'm somehow automatically obliged, professionally or legally, to preserve the privacy of member-to-member messages. I downloaded a forum package first and foremost, not an e-mail system, nor any other sort of private (as in one-to-one) communications system.

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: Reading other users PMs (as Admin)

Post by Marshalrusty » Tue Oct 02, 2007 11:29 pm

Reading the replies in this topic, I would say that some of you have questionable ethical practices, at best.

Right and wrong are based on assumptions. By definition, private messages are private unless otherwise stated. Unless you make it extremely clear in your site's privacy policy that you may be scanning users' PMs, it is completely unethical to do so. The only valid reason an administrator may want to read users' private messages, is to investigate a report made by another user (UserA accuses UserB of sending something and UserB denies it). Anything else is unnecessary and unethical in my opinion.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG » Tue Oct 02, 2007 11:39 pm

Marshalrusty wrote:Right and wrong are based on assumptions. By definition, private messages are private unless otherwise stated.
An assumption that puts phpBB in the position of dictating site policy and procedure solely through a naming convention. That's problematic on the face of it.

Perhaps this would be a good podcast topic. The issue is just how much authority a phpBB naming convention ought to have over site policy, not about the privacy of my sites' users as such. That's not up to phpBB to decide through either a front door or a back door, such as a naming convention. That's how I see the argument, properly put, and I'd enjoy hearing you guys hammer it out. :)

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: Reading other users PMs (as Admin)

Post by Marshalrusty » Wed Oct 03, 2007 12:11 am

SamG wrote:Perhaps this would be a good podcast topic.
You read my mind. We'll need to get drathbun on since he holds a position contrary to mine.

I/we are certainly not dictating site policy. If you think it's okay to read what users ultimately assume to be private, then you have full access and ability to do so. If you think that your users already know or won't care, then you should have no problem with informing them of your actions.

Why draw the line at private messages? Do you, as the administrator, have a right to know your users' passwords? Once you get into that "as the admin, I have a right to see everything that happens on my site" mentality, it's a slippery slope.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG » Wed Oct 03, 2007 12:24 am

Marshalrusty wrote:I/we are certainly not dictating site policy.
But of course you are. I don't mean that as some sort of accusation, but as a simple fact in this discussion. As I said the last time I battled this out (at area51), phpBB is dictating how a certain set of member exchanges ought to be perceived -- that is, as confidential -- by the simple naming convention of calling them "private." I've never downloaded and installed phpBB so I could offer people a confidential communication tool. That's added by phpBB all by itself.
Marshalrusty wrote:If you think it's okay to read what users ultimately assume to be private, then you have full access and ability to do so. If you think that your users already know or won't care, then you should have no problem with informing them of your actions. [etc.]
I can see it's going to be difficult to keep a podcast discussion on task. I've already said that this argument is not about user privacy as such but about phpBB's inherent ability to prescribe how my site runs because it has a "private" messaging system. The fact of the matter is that phpBB can offer public and non-public communication tools without dragging me into long-winded discussions about privacy. I can freely grant my users a measure of privacy (I can't prevent the redistribution of PM content, for instance) if they elect to use a non-public communication tool phpBB offers. I have fewer to no options within the current environment that you would call ethical. Do you not see a problem with that, since it's phpBB that has decided the ethics here?

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: Reading other users PMs (as Admin)

Post by Marshalrusty » Wed Oct 03, 2007 2:44 am

phpBB is open source software...

It sounds like you're implying that we're forcing you to allow private messaging on your board just because it's included in the software. The fact that you installed phpBB to use the public board and not private messaging has no relevance because you have full control to remove any features that you don't like. We provide the software, you use it anyway you like.

I say again, users assume that messages sent via the PM system are private. Following your logic, administrators of Gmail/hotmail/etc. have the right to read emails since you're using their service. If you think that you have the right to read user PMs, then why not tell them so? If you think that they will be against it, then you're just proving my point for me.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG » Wed Oct 03, 2007 2:58 am

Administrators of Gmail do have the right to scan e-mail. I don't see the relevance.
Marshalrusty wrote:phpBB is open source software...
I know that, and you know I know that.
Marshalrusty wrote:It sounds like you're implying that we're forcing you to allow private messaging on your board just because it's included in the software.
No, I never implied any such thing. What I said was that if I allow non-public communication between users, you've forced me into handling that communication as confidential. Why would you do that? On what grounds? Are you afraid I might not be capable of granting the measure of privacy I've described above on my own? That's something between me and my users. It's an arbitrary decision to call it a private message system and not required for phpBB to function as a bulletin board system.
Marshalrusty wrote:I say again, users assume that messages sent via the PM system are private.
Sure. Because it's called a private message system. And?

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: Reading other users PMs (as Admin)

Post by Marshalrusty » Wed Oct 03, 2007 3:31 am

SamG wrote:Administrators of Gmail do have the right to scan e-mail. I don't see the relevance.
:?
SamG wrote:No, I never implied any such thing. What I said was that if I allow non-public communication between users, you've forced me into handling that communication as confidential. Why would you do that? On what grounds?
Nobody "forced" you to do anything. We're not even forcing you to use the software, let alone a specific feature of the software. If you don't like that feature, then you have the ability to change it or remove it.
SamG wrote:
Marshalrusty wrote:I say again, users assume that messages sent via the PM system are private.
Sure. Because it's called a private message system. And?
And you should therefore treat it as such. You use the software because you want to, and you left that feature intact because you wanted to. If you had changed the name to "private (although admins may read them) messages", then fine. Otherwise, you should respect your user's privacy rather than silently read what they assume to be private conversations.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

Post Reply

Return to “phpBB Discussion”