Reading other users PMs (as Admin)

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Reading other users PMs (as Admin)

Post by AdamR »

arod-1 wrote:placing a similar disclaimer ("This message may be read by a board administrator for moderating purpose" or such) on the PM authoring page should make it clear enough to the members. i don't believe they will "make an assumption of privacy" in this case, and i don't think this should upset anyone.
the reality is that we can't really guarantee any level of privacy: the PMs exist in the DB in plain language, and even after both sender and recipient deleted the message, copies of it can still exists, indefinitely, in old backups.
Might I quote myself here from this very topic:
AdamR wrote:Most users have no clue that Administrators and server Administrators have access to read these messages and if they did, they'd be clearly notified about it.
If the feature was called "user to user message" it would imply the only other person reading the message was the member to whom you sent the message. If the feature was called "contact this member" it would imply only this person could read the message. Only when the feature is called "Send this user a message that can be read by both this user and the board/server administrators" will the user not make the assumption that it is "private." Again, like I said, naming convention (within reason) is irrelevant.

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG »

I think arod-1 has grasped the point well enough. Others either disagree or are so strong in their presumption that non-public communication on a forum product ought to be priviledged and confidential from a project point of view that they miss the point altogether, like not seeing the forest for the trees. I suspect the latter is at least as prevasive as the former, especially when the naming convention is considered irrelevant. That's fine, from my point of view.
ChrisEmerson wrote:And not that I use gmail or anything, but the terms that you posted as 'proof' that the admins there read emails are completely irrelevant as well. Nowhere in there does it say administrators can read email. It says the machines will read the email for the purposes of working out whether it is spam, via their algorithms, and delivering advertising content relevant to the email.
That's what I said. When I was accused of being within spitting distance of suggesting that Gmail operators, by my logic, ought to be able to read e-mail, all I said, in response, was that Gmail e-mail is considered less private than phpBB PMs. I didn't see the point of the Gmail argument, and I still don't.
Highway of Life wrote:The point here is ethical, not ability.
I don't recall denying that. Again you fail to see the point. Which, again, is fine. It isn't that important, but I am entitled to raise the issue since it is about ethics.
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29294
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: Reading other users PMs (as Admin)

Post by Marshalrusty »

arod-1 wrote:at one point earlier in this thread SamG defined this feature as "non public communication", and the response was:
Marshalrusty wrote:Where have you read that phpBB (as in the project) is getting involved with non public communication?
the fact that Marshalrusty fails to understand this simple issue, namely that the "privacy" is not an integral part of the feature, and is only implied by the naming, just demonstrates, imo, just how badly was this feature named.

it is not too late now to change the name of this feature from "private message" to "personal message", or "member to member message" or something to this effect.
You claim that we are implying the privacy of private messages by calling them private, but then also claim that the "privacy is not an integral part of the feature". It seems like you are telling us what we are and aren't doing. It is up to the development team to decide how a feature should and should not work (with ideas from the community, of course).

The private message system is there for communication between individual members, regardless of what you call it. Users will therefore assume that it's private unless a disclaimer is placed saying that it isn't (as has been said). It is ridiculous to ask for a disclaimer to be placed there by default, because the majority of administrators do not go around reading PMs. As I keep saying, that is something you need to personally do if you plan on reading them. If you don't like the name "private messages", then change it on your board. The phpBB software is released as-is with the intention that you will change whatever you don't like.

If you don't like the feature, remove it. If you don't like how it implies privacy, change that by setting the record straight with your users. If you don't like the name, change the name. You have full control of your board (you did from the start). Stop whining and change what you don't like.
SamG wrote:That's what I said. When I was accused of being within spitting distance of suggesting that Gmail operators, by my logic, ought to be able to read e-mail, all I said, in response, was that Gmail e-mail is considered less private than phpBB PMs. I didn't see the point of the Gmail argument, and I still don't.
Clearly. So is the code "reading" users' private messages too? You don't see the difference between administrators reading and software processing?
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG »

Marshalrusty wrote:Clearly. So is the code "reading" users' private messages too? You don't see the difference between administrators reading and software processing?
Indeed, I do. You deny that out of the box, Gmail e-mail is less private than phpBB PMs?
SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG »

As a matter of respect, let me try to put the point this way. After that, really, I must bow out.

I reject the idea that it's appropriate for people to use phpBB to distribute gossip. We've had people post here who have been hurt by thoughtless posting in public on some phpBB-powered board somewhere, lamenting that there was nothing we could or would do about it. I also reject the idea that phpBB, as a project, ought to weigh in on the subject, so I've always supported phpBB's neutrality in such cases.

I reject the idea that it's appropriate for admins to personally browse (or machine read, for that matter) PM content, regardless of what it's called, without cause. I also reject the idea that phpBB, as a project, ought to weigh in on the subject. But (so my argument goes), phpBB, as a project, necessarily injects a particular point of view about PMs by the naming convention used. If it was called "open season message system," that would convey something about the system. Likewise, if it was called "confidential message system," that would convey something about the system. I simply suggest as neutral language as possible for the naming convention.

If you want to hear more, please buy the book. :mrgreen:
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29294
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: Reading other users PMs (as Admin)

Post by Marshalrusty »

SamG wrote:Indeed, I do. You deny that out of the box, Gmail e-mail is less private than phpBB PMs?
What box does Gmail come in? Are you able to change it to a state that's different than "out of the box"?

The security of phpBB PMs depends entirely on the environment (and any vulnerabilities in the code that may exist, of course). On a poorly configured shared host, PMs are just as insecure as the rest of the database. On a local intranet, they're quite secure.

If you access your gmail account from public computers, then your account is not as secure as it would be if only accessed through trusted computers.

I am unable to compare the general security of the two without additional parameters.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
SamG
Former Team Member
Posts: 3221
Joined: Fri Aug 31, 2001 6:35 pm
Location: Beautiful Northwest Lower Michigan
Name: Sam Graf

Re: Reading other users PMs (as Admin)

Post by SamG »

Marshalrusty wrote:I am unable to compare the general security of the two without additional parameters.
That's fine, since you raised the point about Gmail e-mail privacy and not security. I have no idea which is more secure, but I cannot see how any fair look at the two would conclude they are equally private out of the box -- in their default state. Hence, I see no need to talk more about Gmail privacy. It didn't help to bring it up in the first place, and further discussion doesn't remedy that, as far as I can see.
arod-1
Registered User
Posts: 1327
Joined: Mon Sep 20, 2004 1:33 pm

Re: Reading other users PMs (as Admin)

Post by arod-1 »

Marshalrusty wrote:You claim that we are implying the privacy of private messages by calling them private, but then also claim that the "privacy is not an integral part of the feature". It seems like you are telling us what we are and aren't doing. It is up to the development team to decide how a feature should and should not work (with ideas from the community, of course).
what do you mean when you say "you are telling us what we are and aren't doing." ?
who are "we"? the "team"? the developers? the community?
you say "It is up to the development team to decide how a feature should and should not work"
but what you really mean is that it is up to the development team to decide how the feature should be used.

this is, of course, not the case. it is not up to the developers to decide how to use this feature, or any other feature, or the software at large. read again the GPL to better understand the nature of the "contract" between the developers and the people who use the product.

as i said, there is nothing intrinsic in this feature, from the software point of view, that makes it private.
if i remember correctly, there is at least one mod in phpbb v2 that allows the admin to read PMs, there will surely be soon (if there isn't one already) such a mod for phpbb3, and even without it, PMs are readily accessible through direct access to the DB.
so i am not telling you "how it should work".
i am telling you how it actually works.
there is nothing intrinsic in the software that makes PMs "private". all i said was that it would be less confusing if they were not called "private".

on my board, i told my users (not verbatim, but this was the general message):
"I have no intention to read anyone's PMs, but please realize that i have the capability to do so, so be sure not to write stuff that is more sensitive than how much you trust me".
Yautja_cetanu
Registered User
Posts: 72
Joined: Wed Nov 24, 2004 3:23 pm

Re: Reading other users PMs (as Admin)

Post by Yautja_cetanu »

wow, this topic was hard to follow :P

Um I think you're wrong about gmail and reading e-mails. Maybe I haven't got my facts straight but certainly ethical gmail don't have humans reading your e-mails (there are many many privacy activists against that) and I know many companies would run a mile from Google apps for your domain if they could read your e-mails. I think in England its a legal requirement to be very clear exactly what you're going to do with any information you store. (Allowing random admins who they don't know about to access information they didn't think would be allowe to acccess them, I think, is breaking the law. Is it any different from sharing your e-mail address with other companies without you telling them?)

Having said that, we were definitely thinking of making a mod that allowed admins to read pms. We're a board for a youth group so there are many young people. Sometimes we've had some adults (one guy was 66) and it was clear that he was private messaging another person as young as 14. We never read the Private messages but we definitely felt if things continued we'd need to. A mod is required because the people who would naturally have authority to read pms and deal with them, would not be the geeky administrator but the people in charge of the youth group in real life.

I think most people would agree that this case is a case where its in everyone's best interests that PMs are not entirely Private? Having said that, we'd probably change the name to Instant Messages (like myspace) and make it clear in our privacy policy. (Besides, we also had an AJAX based mod that made PMs more instant anyway).
User avatar
Highway of Life
Former Team Member
Posts: 6048
Joined: Wed Feb 02, 2005 5:41 pm
Location: Seattle, WA
Name: David Lewis
Contact:

Re: Reading other users PMs (as Admin)

Post by Highway of Life »

arod-1 wrote:you say "It is up to the development team to decide how a feature should and should not work"
but what you really mean is that it is up to the development team to decide how the feature should be used.
Incorrect.
The developers decide how the feature would be programmed to work by default you have the ability and privilege to change it however you like. Not how it is used, you can use phpBB for uses other than a Forum, but the developers still programmed it to work as a forum by default. And it is the developers decision on how they see it should work regardless if anybody likes it or not.

The developers created a message system that is user to user messaging. Private Messages is the best name suited for the feature. And as has been stated time and time again, naming of the feature is irrelevant to the point of the feature or its privacy, but as arod-1 is convinced that the feature was poorly named, I implore you to change it on your board. That is what phpBB allows you to do under the GPL.

The private messaging could be named personal messaging and it would not be viewed as any less private than private messaging. This is also why companies TELL YOU “This phone call may be recorded for quality control purposes” its a disclaimer, so you KNOW that someone else may be listening to it now or later, I know its not private. But I expect that when I call my friend, that it is private, but I don’t call it a “Private Phone Call”, I just call it a Phone Call.

That is why we are repeating time and time again, if you plan on reading the private messages, then put up a stipulation in the privacy policy, or anywhere else easily readable that users private messages may be read at any time by the Administrator. It’s not that hard to do, and I can show you how. There is no reason to be scornful of the Developers or the project for a name which - in your opinion - is a poor choice of names.

We (the Teams/phpBB) are saying, we believe this feature should work this way, and we program it to work that way, but as it is under the GPL, we say you can change it to make it work however you want it to work.
arod-1 wrote:as i said, there is nothing intrinsic in this feature, from the software point of view, that makes it private.
[...]
there is nothing intrinsic in the software that makes PMs "private". all i said was that it would be less confusing if they were not called "private".
Personal messaging, user to user messaging, message user messaging, whatever you want to call it, would still be considered to be, user to user, that is, nobody else can read it, which also implies some form of privacy. I don’t understand why you have a problem with adding a stipulation to your privacy policy or changing the name of the feature on your board if you don’t like how things are done. Complaining about it does very little good.
The phpBB Weekly Podcast - Discussing the developments of phpBB4 and beyond.

New to phpBB3? Want to learn about programing?
Visit phpBB Academy at StarTrekGuide to learn how.
arod-1
Registered User
Posts: 1327
Joined: Mon Sep 20, 2004 1:33 pm

Re: Reading other users PMs (as Admin)

Post by arod-1 »

Highway of Life wrote:I don’t understand why you have a problem with adding a stipulation to your privacy policy or changing the name of the feature on your board if you don’t like how things are done. Complaining about it does very little good.
i hear this "argument" over and over, and i want to respond to this specific part.
this has nothing to do with PMs or privacy.

many times, when people express criticism, someone advocating the "party line" will eventually say something like this:
"you can do whatever you want on your board. i don't understand why are you wasting our time whining".

well, i know i can do whatever i want on my board. as a matter of fact, i actually do whatever i want on my board.
the opinion i express here are not "whining" or "complaining". they represent legitimate criticism. i see something, some decision, some code fragment, some behavior or wording that i think is less-than-optimal, and i comment on it.
i don't claim to be always right (although i believe i am... ;) ), but telling me to f**k off and do whatever i want on my own board has nothing to do with the discussion. so please leave my board out of this discussion. it is not relevant.
whether or not "mere users" should be able or even allowed to comment on the project and criticize it depends on the policy of the project "owners", but most open-source projects encourage and support this type of input, and thrive on it.

the tail of this long thread seem to boil down to the question "is the naming relevant". at this point, i would suggest that you, marshalrasty, adamr, and anyone else from the "the name is not relevant" camp to read this thread from the beginning.
you'll be surprised to find many posts by users who claim that "private messages are private by definition". since no formal definition is given anywhere, i read the "by definition" to mean "by naming".
read this thread in its entirety, and you'll find that even if you[/] do not believe the name in and of itself has any specific meaning, may other people do believe that, and many people take the "private message" name to imply a level of privacy that is not provided by the software, and that not every admin is willing to provide.
User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Reading other users PMs (as Admin)

Post by AdamR »

arod-1 wrote:i don't claim to be always right (although i believe i am... ;) ), but telling me to f**k off and do whatever i want on my own board has nothing to do with the discussion. so please leave my board out of this discussion. it is not relevant.
Tone it down.

All Highway of Life was stating that if anyone plans to be reading private messages, the ethical (and possibly even for legal security) thing to do would be to put a clear notice in your privacy policy. The feature wasn't intended by the developers for administrators to be able to read. Therefore, the naming convention is not necessarily needed (see below), bit it's certainly accurate. Also, this is why no default privacy policy is put in place stating that, indeed, administrators do have the ability to read the PMs should they really want to. That's it. There's no need for you to get up in arms about it. ;)
the tail of this long thread seem to boil down to the question "is the naming relevant". at this point, i would suggest that you, marshalrasty, adamr, and anyone else from the "the name is not relevant" camp to read this thread from the beginning.
you'll be surprised to find many posts by users who claim that "private messages are private by definition". since no formal definition is given anywhere, i read the "by definition" to mean "by naming".
read this thread in its entirety, and you'll find that even if you[/] do not believe the name in and of itself has any specific meaning, may other people do believe that, and many people take the "private message" name to imply a level of privacy that is not provided by the software, and that not every admin is willing to provide.


I hate to break it to you, but it is private without the administrator having to jump through a few hoops. It's only when you change the code (MODs) or play around in the database linking PM ids across tables does it no longer become private. And if you would have read this whole topic clearly, you would understand what we're saying is that no matter what you name it, whether the word private is in the naming convention or not, users will make the assumption that it is private unless you notify them about it somewhere.

Highway of Life used the perfect example of a phone call. Essentially everyone out there doesn't think that just because it's not called "private phone call" that it isn't indeed private.

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
HB
Registered User
Posts: 145
Joined: Mon May 16, 2005 9:30 pm
Contact:

Re: Reading other users PMs (as Admin)

Post by HB »

I have to agree with Sam, why does phpBB have an Inbox in the first place? Allowing members to initiate contact via the e-mail form seems adequate. If members want to have extensive offline discussions, they can use their regular e-mail client. My site is still using 2.0.22 and there's no option to disable PMs site-wide in preference to the e-mail form. I haven't dug through the version 3.0 ACP options, is there one that would do that?

FWIW, an easy way of discouraging excessive reliance on PMs is setting the Inbox thresholds very low and setting the "allow e-mail" default to true on registration. Only one or two of my members have asked for a higher PM limit.
Dan Kehn
User avatar
Highway of Life
Former Team Member
Posts: 6048
Joined: Wed Feb 02, 2005 5:41 pm
Location: Seattle, WA
Name: David Lewis
Contact:

Re: Reading other users PMs (as Admin)

Post by Highway of Life »

HB wrote:I have to agree with Sam, why does phpBB have an Inbox in the first place? Allowing members to initiate contact via the e-mail form seems adequate.
If using the e-mail form is adequate, why do 99% of users use the Private Message feature?
We don’t assume what a site administrator would want to do with his site or what he will use phpBB for, so there are as many options as possible, and even more so with phpBB3 than with phpBB2.
The idea is to allow complete customization of your board/site using phpBB3, if you don’t like a feature, turn it off.

Regarding an argument earlier, its not about what we force users to do, but what we allow users to do through customization and a vast array of options. That is why we say Administrators should customize it the way they like it instead of hell-bent criticism on why the feature exists in the first place, or how it was programmed to work by default or the naming choice of the feature. :)
If the feature was not there, we would be criticized for not adding it. :lol:
HB wrote:If members want to have extensive offline discussions, they can use their regular e-mail client. My site is still using 2.0.22 and there's no option to disable PMs site-wide in preference to the e-mail form. I haven't dug through the version 3.0 ACP options, is there one that would do that?
Yes, you can completely disable the Private Message System in phpBB3.
HB wrote:FWIW, an easy way of discouraging excessive reliance on PMs is setting the Inbox thresholds very low and setting the "allow e-mail" default to true on registration. Only one or two of my members have asked for a higher PM limit.
I would just make sure you have “show e-mail addresses” set to off. ;)
The phpBB Weekly Podcast - Discussing the developments of phpBB4 and beyond.

New to phpBB3? Want to learn about programing?
Visit phpBB Academy at StarTrekGuide to learn how.
HB
Registered User
Posts: 145
Joined: Mon May 16, 2005 9:30 pm
Contact:

Re: Reading other users PMs (as Admin)

Post by HB »

HB wrote:I have to agree with Sam, why does phpBB have an Inbox in the first place? Allowing members to initiate contact via the e-mail form seems adequate.
Highway of Life wrote:If using the e-mail form is adequate, why do 99% of users use the Private Message feature?
I have no idea if 99% of the users use the PM feature. If I were to guess, one of the reasons it's popular is the common misconception that enabling e-mail form contact means publicly displaying your e-mail in the forums where it will be picked up by spammers. Subsequently many registrants use "throwaway" e-mail addresses, rendering e-mail contact impossible. Personally I don't care for PMs since I already have too many Inboxes to look after.

As for the Private Message versus Personal Message... it's easy enough to change the language files if the Admin is worried about overzealous lawyers accusing them of violating expectations of absolute privacy.

PS: Completely off topic... I just noticed the order of the buttons in the reply window: Save, Preview, and Submit. Usability 101 says the most commonly used buttons go on the left, so shouldn't it be Preview, Submit, and Save button offset a bit from the rest? Once I upgrade to version 3, I'll be getting PMs from members complaining that they post and don't see their message. Oh joy. :roll:
Dan Kehn
Post Reply

Return to “phpBB Discussion”