Private Messages

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Private Messages

Post by david63 »

In light of Senky's Encrypted PMs extension the question of "private messages" is being raised.

Now I know that there are (at least) two schools of thought about PMs:
  1. Those who believe that they are totally "out of bounds".
  2. Those who believe that a board Admin should have access to them.
I will put my cards on the table at the outset and state that I fall into the second category and I fully accept that there will be some (perhaps many) that have opposing views.

Personally I believe that that the term "Private Message" is, within the scope of social media being misinterpreted. My interpretation is that in this context the term "private" means not public and not "confidential". Many other social media platforms (such as Facebook, Twitter etc) now refer to such messages as "Direct Messages" meaning that the message goes from one member to another without being displayed in public - it does not, necessarily, mean that it is not to be seen by anybody else.

One of my main concerns over the use of PMs is, in today's climate, that they are used for communicating illegally with other board members. How would a board owner feel if there was under age child sex grooming taking place on their board? How would a board owner feel if a terrorist plot was being planned via PMs on their board?

Extreme examples? Yes. Plausible examples? Yes.

Except in a few cases how well do we really know who are members are and what their motives are for joining the board?

I can accept that not all (or even any) Admins should have access to "Messages" but I do believe that Founders/Board Owners should have that access. In fact there is an argument that it is their responsibility to know what is being posted on their site and in some circumstances/countries could face criminal charges for allowing illegal activity.

There is the argument that PMs should be protected in case the database is compromised. My answer there is that if the database is compromised PMs would be the least of my worries and if there is a need to send "confidential" information via a board then there are more suitable methods of doing it.

You also have to bear in mind that virtually all Internet data is, or potentially is capable of, being monitored by various agencies around the world.

The problem with encryption on something like a phpBB board is that the software is Open Source so by definition the methodology being used is in the public domain which also means that anyone wanting to "break" the system has a head start.

As I said at the start I appreciate that other will have differing views and I respect that.
Last edited by david63 on Wed Jun 26, 2019 8:33 pm, edited 1 time in total.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
Scanialady
Registered User
Posts: 421
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Private Messages

Post by Scanialady »

I agree with your opinion. Since the turn of the millennium I have been able to read the private conversations of my members, but so far I have only done so in a single case. Normally, there is no reason to do so. An administrator who can not tame his curiosity will be a bad character otherwise. And he will become known as such lousy character by itself.

The alternative could be to completely shut down PM.
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26505
Joined: Fri Aug 29, 2008 9:49 am

Re: Private Messages

Post by Mick »

Scanialady wrote: Wed Jun 26, 2019 6:07 pmThe alternative could be to completely shut down PM
To me that would be preferable to having someone I don’t know perusing my private messages. I fully understand David’s sentiments and he’s right but I don’t agree that admins should be able to read them so just turn it off.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
AmigoJack
Registered User
Posts: 6108
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Private Messages

Post by AmigoJack »

david63 wrote: Wed Jun 26, 2019 3:05 pmSenky's Encrypted PMs extension
Welcome to the internet - it works thru links. Granted, I know your username since I've joined this board, but is this necessary? Every reader has to start his own search?

david63 wrote: Wed Jun 26, 2019 3:05 pmPersonally I believe that that the term "Private Message" is, within the scope of social media being misinterpreted. My interpretation is that in this context the term "private" means not public and not "confidential". Many other social media platforms (such as Facebook, Twitter etc) now refer to such messages as "Direct Messages" meaning that the message goes from one member to another without being displayed in public - it does not, necessarily, mean that it is not to be seen by anybody else.
Yes, I also never estimated them as confidential, but only as non-public. But I've learnt sometimes there aren't unambiguous terms either - most prominent example are the folders "sent" and "outbox": renaming them to "sent & read" and "sent & unread" isn't 100% true either, although it results in fewer questions being asked.

I also stem from an era where messenger programs were en vogue, so the term "message" (and as such private messages on a BBS) always meant to me one to (a) selected recipient(s) only, not everyone. Just like "e-mail message" and "SMS message" still lives on today. None of those are confidential either.

david63 wrote: Wed Jun 26, 2019 3:05 pmHow would a board owner feel if there was under age child sex grooming taking place on their board? How would a board owner feel if a terrorist plot was being planned via PMs on their board?
While I understand your human nature I gave up on thinking in such categories, as every nation and culture comes with their own interpretations of "child" and "terror". Not to talk about how to make sure about the actual age and distinguishing between fiction and reality due to the anonymous nature of board accounts.

david63 wrote: Wed Jun 26, 2019 3:05 pmFounders/Board Owners should have that access. In fact there is an argument that it is their responsibility to know what is being posted on their site and in some circumstances/countries could face criminal charges for allowing illegal activity.
That's the result of laws having been made that do the opposite of helping: you end up loosing your trust to everyone, because the laws no longer allow you to argument "I trusted my members and had no bad intentions" - that's the terror everyone silently accepts without even recognizing it. Freedom also means that an adult can exchange texts with a child or both can plan a murder - in both cases those should only be indices, not violations.

Think about it from another perspective: if the board owners aren't able to see messages then the police shouldn't be able either. But you already want to have access yourself, so you're also enabling the messages for using it against you once authorities (i.e. police) get their hands on it. In the past one could argue "we see, you never had access to those so you could not know what was going on either", but nowadays you're per se suspicious and have to prove your innocence.

david63 wrote: Wed Jun 26, 2019 3:05 pmThere is the argument that PMs should be protected in case the database is compromised. My answer there is that if the database is compromised PMs would be the least of my worries
That's what I meant: you don't think about that messages could contain ANYTHING, also confidential information about you. Which could fall in wrong hands, at wrong times.

david63 wrote: Wed Jun 26, 2019 3:05 pmYou also have to bear in mind that virtually all Internet data is, or potentially is capable of, being monitored by various agencies around the world.
Yes. That's also the point of encryption: you then don't need to care about being monitored anymore.

david63 wrote: Wed Jun 26, 2019 3:05 pmThe problem with encryption on something like a phpBB board is that the software is Open Source so by definition
Depends on the implementation. Most people want encryption, but only few want complexity. Not to speak of those not even wanting to understand it. Likewise your argument is wrong: if you're in possession of the key and you decrypt it (read: in both cases not the server) then knowing any open source is no help either.
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
  • "My reaction is not to everyone, especially to you." Raptiye, 2021-02-28
fagbutlil
I've Been Banned!
Posts: 77
Joined: Wed Mar 07, 2018 10:56 pm

Re: Private Messages

Post by fagbutlil »

I read mine and in doing so have caught members sharing things there not allowed too so yes for some boards it's a must have ext to allow founder to read.

And for the term private message should be changed to messages there is nothing private in MY database i own if i wish to tamper with MY database and read what ever i have the right to do so.

It's called private messages as thats what phpbb called them knowing there NOT private in any way.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26505
Joined: Fri Aug 29, 2008 9:49 am

Re: Private Messages

Post by Mick »

Well, that’s another destination to strike off my bucket list.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
Scanialady
Registered User
Posts: 421
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Private Messages

Post by Scanialady »

People who use the Internet since its beginnings have more insights into the subject anyway. Anyone who fears that private messages could be misused should turn this feature off. Or close his board. "Private" does not exist on the Internet, there is at most "not publicly visible". And that will be worse than better in the next few years.It is no longer possible to have a private phone conversation because everyone and everyone are being listened to, and because every communication is being recorded. Your living room is no longer private. Why should a forum be?

Under these circumstances, it is highly suspicious to introduce any encryption for such normal functions. This gives the impression of offering criminals a platform on which they can talk secretly. Anyone who wants to be secured and unreadable with others in communication can visit a forest meadow at any time. :lol:

No need for such extension in my opinion.
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.
User avatar
warmweer
Jr. Extension Validator
Posts: 11234
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium
Contact:

Re: Private Messages

Post by warmweer »

fagbutlil wrote: Thu Jun 27, 2019 2:14 pm It's called private messages as that's what phpbb called them knowing there NOT private in any way.
Actually the name given to a system does not require it to strictly adhere to what it sounds like.
The messaging system is usually shortened to PM or IM (which in full is Private or Personal messaging, or Immediate or Internal messaging) (I've also seen Board Messaging somewhere).
As long as your users are informed that any messages sent through the board can be read by the Administrator, I see no problem with it. Back in the 3.0 days I wrote a mod allowing me to query the PM tables for suspicious terms. This was communicated to the users and those with objections were informed that there is always the choice to not use the PM system.
AFAIK there was (or is still) an extension allowing the admin (perhaps also others with a permission setting) to read PMs, and if not there's always the database.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
fagbutlil
I've Been Banned!
Posts: 77
Joined: Wed Mar 07, 2018 10:56 pm

Re: Private Messages

Post by fagbutlil »

Hmm i see the words Private messages in the navbar but i know it's NOT private the word private tells me they are private so i'm safe to send private details via pm and know there be safe i'm not seeing the word Personal any where within phpbb.
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Private Messages

Post by 3Di »

That's a matter of changing a language string, Private against Personal.., et voilat.
To much a do for nothing (cit.).
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
fagbutlil
I've Been Banned!
Posts: 77
Joined: Wed Mar 07, 2018 10:56 pm

Re: Private Messages

Post by fagbutlil »

Yes we all know how to change it ;)

It's the fact phpbb has left it as private when they know its not private is the point i'm making since 3.0 there has been a pile of updates but yet it remains as private now this can confuse some members into thinking there private when there not.

My board displays as the image Image plain and simple no stating there private.
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Private Messages

Post by 3Di »

Submit a report and suggest the change. Even easier than before.

I find it much more constructive than to condemn this or that for something so minimal or lengthen exhausted discussions.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
AmigoJack
Registered User
Posts: 6108
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Private Messages

Post by AmigoJack »

fagbutlil wrote: Thu Jun 27, 2019 2:14 pmthere is nothing private in MY database
Scanialady wrote: Thu Jun 27, 2019 6:06 pm"Private" does not exist on the Internet
Speak for yourselves. Even burglars managed to use cryptolects centuries ago already - just because you see plain words you don't automatically know what they mean. Likewise I suppose you also don't check the attachments uploaded by your board members for their content (both payload and metadata), because you never even thought about that.
secret1                         
Sometimes I think people conclude privacy does not exist because they just don't know how they can protect themselves. In this post alone I hid 2 things that nobody would even expect unless I would have told so - there's your non-privacy. Guess what I'm able to when combining steganography and encryption.
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
  • "My reaction is not to everyone, especially to you." Raptiye, 2021-02-28
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 5871
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: Private Messages

Post by thecoalman »

david63 wrote: Wed Jun 26, 2019 3:05 pm Now I know that there are (at least) two schools of thought about PMs:
  1. Those who believe that they are totally "out of bounds".
  2. Those who believe that a board Admin should have access to them.
Whatever you position I'd be sure to make it clear to the members. I've made it a point to say I don't read their PM's but I have also made it clear there is nothing preventing me from doing that.

I suggested encrypting PM's previously, wasn't aware of the new extension. Off to check it out.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
User avatar
spaceace
Registered User
Posts: 1999
Joined: Wed Jan 30, 2008 8:50 pm
Contact:

Re: Private Messages

Post by spaceace »

i think that if someone reads their users private messages it falls into a class of being untrustworthy. users that do things against board rules... you will get things like that no matter where you go. i honestly think PMs should be encrypted
Post Reply

Return to “phpBB Discussion”