Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: PM's

  1. #1
    Platinum Member pmbguy's Avatar
    Join Date
    Apr 2013
    Location
    PMB
    Posts
    2,095
    Thanks
    310
    Thanked 254 Times in 230 Posts

    PM's

    I would like to ask a question that comes about after reading a very recent post.


    I don’t suspect admin is reading PM’s, at least not without our explicit permission, but can somebody please explain exactly how it works.
    It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. – Charles Darwin

  2. #2
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Quote Originally Posted by pmbguy View Post
    I don’t suspect admin is reading PM’s, at least not without our explicit permission
    It's not even a permission issue - there is no mechanism in vBulletin that allows the admins to read anyone's PM's except their own.

    There was a plug-in advertised on one of the support sites years ago that did introduce this possibility, but it got slated as unethical by all and sundry (including me). It certainly isn't enabled here, and I'm confident it'll never become a part of the standard distro.

    This doesn't mean there aren't things the admins can do in respect of PMs, and I include a snapshot of the relevant dropdown of options we have in this regard:

    Click image for larger version. 

Name:	admin-options.jpg 
Views:	220 
Size:	39.9 KB 
ID:	4467

    About the most intrusive is the PM stats report, I guess. And all that gives is the total PM count in each of the particular member's PM folder.
    (And an option to delete all PMs, which is there if we get reports of abuse of the PM system).

  3. Thank given for this post:

    ians (13-Mar-14), pmbguy (13-Mar-14), wynn (14-Mar-14)

  4. #3
    Platinum Member pmbguy's Avatar
    Join Date
    Apr 2013
    Location
    PMB
    Posts
    2,095
    Thanks
    310
    Thanked 254 Times in 230 Posts
    Shot for explaining it Dave. This is the first forum I have joined so I just don’t know these things. I apologise if it seemed like I was questioning TFSA. Its only clarification I seek.

    I only have good things to say about TFSA.
    It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. – Charles Darwin

  5. #4
    Diamond Member
    Join Date
    Apr 2010
    Location
    planet earth
    Posts
    3,943
    Thanks
    153
    Thanked 317 Times in 287 Posts
    Glad to see Dave cleared this up.

    A question Dave does this mean admin has never been able to view PMs on any forums or only ones with vbulletin? The reason I ask, this was many years ago 2006 - 2007 if I recall. It caused quite a stir.

    This is a rather interesting subject because if I where part a terrorist organisation for example I could use PM's on forums to relay sensitive information I didn't want to share with authorities.

    Just to clear the air it had nothing to do with this forum.

  6. #5
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Ian, as mentioned in my previous post, there was (and quite possibly still is) a 3rd party plug-in for vBulletin published that did (or does) enable an admin to look at other people's PM's rather easily.

    There is also the issue that all content of the website is actually kept in a MySQL database. Now while each user's password is encrypted data, pretty much everything else isn't. This means if you've got read permissions to the database, and if you know where to look, you could read the content quite easily.

    Ultimately the only protection any of us have is the ethics of the website admin (including the hosting company) and the overall level of the website's security (which is a complex combination of factors on its own - the platform software, OS, permission settings, firewalls, malicious software injection detection scripts, password strength, invalid log-in attempt reporting, and probably more besides).

    This situation is much the same for most other forum software as far as I know. And realistically the bottom line issue of database and file access security is much the same for any website - it's only as good as the way it's set up and to some extent, maintained.

    Quote Originally Posted by ians View Post
    The reason I ask, this was many years ago 2006 - 2007 if I recall. It caused quite a stir.
    Yeah, as I recall the PM snoop plug-in was first released about that time. And you're right, it did cause quite a stir, particularly in webmaster circles. Not only because someone came up with the idea and went to the trouble of writing it, but because some web admins did actually download it (and no doubt used it too).

  7. Thanks given for this post:

    KristiKat (14-Mar-14)

  8. #6
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Just got to the post that triggered the question, I guess.

    Quote Originally Posted by ians View Post
    Someone asked the question, whether or not admin could read peoples PM's and the response was well they shouldn't because it is unethical but yes admin can access people PM's if they "need to".
    I certainly wouldn't have been happy with that response either. It begs the question - why would the admin "need to"?

    After all these years I've certainly never had occasion to even come close to thinking "heck, being able to read so-and-so's PMs would be handy right now".
    And I've yet to hear a valid reason why they might "need to" either.

    If a member has a problem with a PM they've received, there's a Report Post button. And on the exceptionally rare occasion a member has seen fit to use it (on TFSA only twice ever, I think), understanding and resolving the issue certainly didn't require accessing anyone's PM content.

  9. #7
    Diamond Member AndyD's Avatar
    Join Date
    Jan 2010
    Location
    Cape Town
    Posts
    4,923
    Thanks
    576
    Thanked 934 Times in 755 Posts
    I'd suggest that whilst the PM system is to all intents and purposes private, you shouldn't ever assume privacy is a 'given' or take privacy for granted same as you should never assume that something has been removed from the internet (or a harddrive for that matter) because you deleted it.
    _______________________________________________

    _______________________________________________

  10. #8
    Platinum Member SilverNodashi's Avatar
    Join Date
    May 2007
    Location
    Johannesburg, South Africa
    Posts
    1,197
    Thanks
    12
    Thanked 188 Times in 136 Posts
    You should never assume that anything you share on the internet is either, a) safe or be b) secure, especially if it's on a 3rd party platform. The moment you use a platform created by, or managed by someone else, you loose the right to your privacy. And by that I don't mean the developers or owners will steal your data, but rather that the data you share is in someone else's "possession". i.e. it's stored on a system managed and owned by someone else.
    and, while in most cases the forum owner or admin might be a trustworthy guy (like Dave , his system could be compromised and the thieves now have access to your precious data. Most forums, for example, don't use encrypted communications, primarily due to the extra costs (an SSL certificate can cost R250+ per year) and the extra load on the servers (which again, cost money) so a man-in-the-middle attack could very easily be performed and someone could have captured every byte transferred to and from the forum.


    I'm by no means slanting anyone with the above statement, nor do I want to put Dave or The Forum SA in a bad position. Instead, I'm trying to show you how insecure the internet is by design. You should take responsibility for what you post online, even in a PM.

    For this reason, you should never use the same password on any two websites. In fact, you should actually be using a different email address for very sensitive stuff like online banking as well.
    Get superfast South African Hosting at WebHostingZone

  11. #9
    Bronze Member KristiKat's Avatar
    Join Date
    Feb 2014
    Location
    GAUTENGALENG PLACE OF GOLD
    Posts
    178
    Thanks
    84
    Thanked 16 Times in 15 Posts
    Blog Entries
    4
    Quote Originally Posted by Dave A View Post
    Just got to the post that triggered the question, I guess.


    I certainly wouldn't have been happy with that response either. It begs the question - why would the admin "need to"?

    I CANNOT believe that admins on other sites have the time to read other people's PMs...

    but if they do, then they might as well be bigger trolls than the ones they are trying to "inspect".
    “Curiousity is the discovery of satan, the devil was hidden and far, now he stares everyone in the face.” ― Michael Bassey Johnson There is evil! It's actual, like cement... I can't believe it. I can't stand it. Evil is not a view... it's an ingredient in us. In the world. Poured over us, filtering into our bodies, minds, hearts, into the pavement itself.

  12. #10
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Quote Originally Posted by SoftDux-Rudi View Post
    Most forums, for example, don't use encrypted communications, primarily due to the extra costs (an SSL certificate can cost R250+ per year)
    Peanuts compared to the hosting costs for a website this size.

    Quote Originally Posted by SoftDux-Rudi View Post
    so a man-in-the-middle attack could very easily be performed and someone could have captured every byte transferred to and from the forum.
    Interesting. Where would you put the script?

Page 1 of 2 12 LastLast

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •