Mods with access to PMs?

John snow · May 27, 2016, 10:32:49 PM

Hello, am new registering but longtime user. Love the platform. My question: are moderators able to see PMs that other members send to each other? this is an issue our community would like a ruling on.

Cheers,
JS

Kindred · May 27, 2016, 10:50:58 PM

No. PMs are not visible to anyone except the sender and recipients...

Not even admins can view the pm, unless the admin choose to violate the users' privacy and look directly in the database

John snow · May 27, 2016, 11:01:06 PM

Many thanks for the quick reply Kindred. Out of curiosity, is that not somewhat of a concern when admins are active users as well.

I guess i'm asking how community members would react knowing the admins can "choose" to violate privacy fairly easily?

Apologies I don't mean to second guess this most amazing platforn, just want a clear picture on where the buck stops, so to speak.

Antechinus · May 28, 2016, 03:10:36 AM

Have you ever tried to read stuff in a database? I've had to do it at times, and it's a real PITA. Nobody in their right mind is going to trawl through a db just to snoop on people's PM's. You would have to be really, really, really bored. If you weren't when you started, you would be after the first five minutes.

Anyway, if you are worried about unscrupulous admins snooping on people there's something else to worry about. All an admin has to do is to reset a member's password when that member is not around. They can then access the account directly, without having to go through the db. As long as they saved the content of the password fields for that member, which is a very quick and easy database operation, then they can always set the password back to what it was before the member logs in again. So, worry about that one instead, because if you can't trust the admin then you can't trust them to not do that.

Which is the bottom line. At some point, you have to trust the admins. If you don't or can't trust them, find another site.

John snow · May 31, 2016, 10:43:23 PM

Ack. That is a bit of a concern.
Thanks for the reply, though.

Kindred · May 31, 2016, 11:23:09 PM

Why is that a concern? Very obviously, anyone with access to the database has access to everything.

But finding the individual pm is a pain in the butt...

Arantor · June 01, 2016, 12:44:42 AM

Even more simply: if you don't trust the admin, don't go there.

qc · June 01, 2016, 08:13:03 AM

If message privacy is *really* important to you, you could get someone to develop an end-to-end encryption scheme for your PMs which even the admin with database access can't decrypt.

Arantor · June 01, 2016, 09:26:37 AM

Which would require redesigning PMs since every individual message would have to be separately encrypted, as opposed to keeping one copy and just marking recipients in it.

And even then, it's possible for an admin to get around it.

qc · June 03, 2016, 10:09:58 AM

If someone needs to send and receive absolutely private messages (which even the admin can't read, no matter what), follow these steps:

Each participant generates an RSA key pair and puts the public key in its forum profile or signature.

If you want to send a private message, encrypt it with the receiver's public key.
The receiver then decrypts the message with its private key.
If you want to receive a private message, the sender encrypts it with your public key.
You then decrypt the message with your private key.

You can use http://travistidwell.com/jsencrypt/demo/ for all the above (RSA key generation, encryption, decryption).

Have fun, @John snow

News:

Mods with access to PMs?